0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Ghost Blog 0.11.3 Cross Site Scripting Vulnerability
Persistent Cross-Site Scripting (XSS) in Ghost ------------------------------------------------------- Author: - Patrick Costa < patrickrbcosta () gmail.com > Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents ]================================================= 1. Overview 2. Detailed description 3. Affected versions & Solutions 4. Timeline of disclosure 5. Thanks & Acknowledgements 6. References =====[ Overview ]========================================================== * System affected : Ghost Blog [1] * Version : 0.11.3 previous versions or models may also be affected. [2] * Impact : This vulnerability allows an attacker to use Ghost's platform to deliver attacks against other users. =====[ Detailed description ]============================================== Ghost version 0.11.3 is vulnerable to persistent cross-site scripting (XSS) because it fails to securely handle user data, thus making it possible for an attacker to supply crafted input in order to harm third party users. The affected point is the website input field located within the "Your profile" page. In order to reproduce the vulnerability, access the URL http(s)://{{ blog URL }}/ghost/team/{{ user slug }}/ and edit the user website inserting the following payload: {{ valid URL }}/</script><script>alert(1)</script> Save changes and visit any post created by this author or the author's page at http(s)://{{ blog URL}}/author/{{ user slug }}/. It is worth noting that the issue may affect users regardless of privilege levels, since the malicious page can be browsed by an admin, the owner or a regular visitor. =====[ Aggravating factors ]=============================================== The session token of an authenticated user is accessible through JavaScript. =====[ Affected versions & Solutions ]===================================== The vulnerability is addressed and the fix is part of the 0.11.4 release. =====[ Timeline of disclosure ]============================================ 12/27/2016 - Reported vulnerability to security@ghost.org. 01/10/2017 - Ghost team applied patch. 01/12/2017 - Ghost team answered the email acknowledging the vulnerability. 01/18/2017 - Advisory publication date. =====[ Thanks & Acknowledgements ]========================================= - Tempest Security Intelligence [3] - Tempest Hammerhead Team =====[ References ]======================================================== [1] https://ghost.org/ [2] https://github.com/TryGhost/Ghost/releases/tag/0.11.3 [3] http://www.tempest.com.br/ # 0day.today [2024-12-24] #