Comments on: Democracy 2.0.1 HTML Injection Vulnerability

By: DK

DK — Fri, 18 Jan 2008 16:46:37 +0000

Aaron, you asked for it :):
Try (in IE7)

http://www.problogger.net/’style=xss:expression(alert(document.cookie));//

You may have to force close your IE afterwards though, so be prepared :)

Note: you may need to replace the single quote manually, as a direct copy and paste may not work.

By: Aaron Brazell

Aaron Brazell — Fri, 18 Jan 2008 15:58:58 +0000

I released the original exploit a year and a half ago, so hi, welcome to the fraternity of Democracy exploit finders. We’re a small and humble bunch. ;-)

I can’t get this to work though. Maybe I’m missing something. My team has tested on all major browsers and on Macs and PCs. Can you elaborate on the trick here? Or contact me privately and we can look at some specific cases.

By: BOK

BOK — Thu, 17 Jan 2008 11:54:36 +0000

Plugin removed after minor issues. Searching for solutions showed that this plugin has a long reputation of weird issues and author’s support is minor…
Taken the possible insecurity-issue (though fixed here) I came to my descision.

By: DK

DK — Wed, 16 Jan 2008 22:25:31 +0000

dre, I found it on BlogSec yes.

By: dre

dre — Wed, 16 Jan 2008 16:10:12 +0000

don’t you run the Democracy plugin on this blog? did you find this from dynamically testing or did you find it in the code?

By: BOK » Blog Archive » QotD - 5

BOK » Blog Archive » QotD - 5 — Wed, 16 Jan 2008 13:34:59 +0000

[...] installed a polling plugin (and fixed it), so let’s make this a democratic process! Would you pay $20 / €18 for the extra iPod [...]