XSS Forensics Writeup
This is a pretty thorough writeup from Chinesed about how his site was vulnerable to XSS. His writeup explains how the attacker injected XSS through a referrer field and affected his admins nearly a day later. I’ve personally seen this exact issue a number of times, and in fact, I used to surf around with a benign XSS exploit payload in my referrer field for exactly this reason.
The reason I stopped was primarily because I knew that the majority of the time the only place these issues arise is in administration consoles, and it’s not particularly useful as an attack vector if I can’t see the results. That’s good news because it’s hard to test for, but it’s bad news because it affects your administrators who watch your logs. In some cases it can be hours, days or even weeks later.
The scary part about this is that the payload was designed to get the attention of the administrator by popping up an alert box. Had it done anything quieter, it could easily have gone unnoticed. That’s even more scary to think about, as it can covertly allow attackers access to your most sensitive administration consoles and there’s really no good way to detect it. Anyway, it’s a pretty good writeup on how Chinesed isolated the issue.
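The pattern the writeup describes, as an added example that is not from Chinesed's site or this post: the Referer (and User-Agent) headers are attacker-controlled, end up in the access log, and are later rendered in an admin log viewer. The log lines, log format, and function names below are constructed for illustration; the fix is escaping on output, and the markup check is only a heuristic for reviewing logs.

```python
import html
import re
from typing import Dict, List

# Constructed sample lines in Apache/NGINX "combined" log format (not from the writeup).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326 '
    '"http://example.com/start.html" "Mozilla/4.08"',
    '198.51.100.9 - - [10/Oct/2000:14:01:02 -0700] "GET /about.html HTTP/1.0" 200 1024 '
    '"http://evil.example/?q=<script>alert(1)</script>" "Mozilla/4.08"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_line(line: str) -> Dict[str, str]:
    """Split one combined-format line into its fields."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()

def render_row_vulnerable(entry: Dict[str, str]) -> str:
    """The bug: header values are dropped straight into the admin page's HTML."""
    return f"<tr><td>{entry['ip']}</td><td>{entry['referer']}</td><td>{entry['agent']}</td></tr>"

def render_row_hardened(entry: Dict[str, str]) -> str:
    """The fix: every attacker-controlled field is HTML-escaped before it reaches the admin's browser."""
    cells = (html.escape(entry[k], quote=True) for k in ("ip", "referer", "agent"))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"

# A legitimate Referer URL never carries raw angle brackets or a javascript: scheme.
MARKUP_RE = re.compile(r"<|>|javascript:", re.IGNORECASE)

def looks_like_markup(value: str) -> bool:
    """Heuristic: does this header value contain HTML/JS syntax?"""
    return bool(MARKUP_RE.search(value))

def review_log(lines: List[str]) -> List[Dict[str, str]]:
    """Return the entries whose Referer or User-Agent looks like injected markup."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if looks_like_markup(entry["referer"]) or looks_like_markup(entry["agent"]):
            flagged.append(entry)
    return flagged
```

Note that a log viewer which percent-decodes the URL before display would also need to escape after decoding; the rendering step, not the detection step, is what stops the payload.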