[OSM-dev] XSS Vulnerabilities
Callum Noble
callum at notthesame.co.uk
Mon Jan 14 23:12:16 GMT 2008
Frederik Ramm wrote:
> Hi,
>
>> I notice that the message sending section of the openstreetmap.org
>> site is vulnerable to type 2 XSS attacks.
>
> Had to look this up on Wikipedia. What he means is that you can send a
> message to someone else that contains a "<b>" and when that message is
> displayed, the "<b>" is not escaped properly but leads to a bold type.
I should have been a little more clear in my mail.
You can send a "<b>" as you say.
The danger is that someone can send JavaScript, for example:
<script>alert('XSS attack')</script>
Sending this would cause the JavaScript to run. Someone could craft some
code that would execute as the user reading the message - this would be
able to do anything that the logged-in user could do.
It would also be possible for the attacker to retrieve a user's session
cookie, compromising their login.
I hope that this can be understood to be a serious issue.
Regards,
--
Callum
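
The difference between the raw and the escaped rendering of a stored message body, as an added example that is not part of the original mail or of the openstreetmap.org code. It assumes an ERB-style view (the thread does not name the templating layer); the view strings and helper names are hypothetical, and the two message bodies are the ones quoted in the thread.

```ruby
require "erb"

# Sample message bodies: the two strings quoted in the thread.
BOLD_BODY   = "<b>"
SCRIPT_BODY = "<script>alert('XSS attack')</script>"

# Hypothetical message view before the fix: plain ERB interpolates the
# stored body as-is, so the browser parses it as markup.
UNSAFE_VIEW = ERB.new('<div class="message"><%= body %></div>')

# Same view with the body HTML-escaped at output time, so it is shown as text.
SAFE_VIEW = ERB.new('<div class="message"><%= ERB::Util.html_escape(body) %></div>')

# Render a view with the given message body bound to `body`.
def render(view, body)
  view.result_with_hash(body: body)
end

# True if anything inside the view's own <div> wrapper still starts a tag,
# i.e. the message body reached the page as HTML rather than as text.
# Usable as a regression check for message views.
def body_markup_live?(html)
  inner = html.sub(/\A<div class="message">/, "").sub(/<\/div>\z/, "")
  inner.match?(/<[a-zA-Z\/!]/)
end

if __FILE__ == $PROGRAM_NAME
  [BOLD_BODY, SCRIPT_BODY].each do |body|
    [["unsafe", UNSAFE_VIEW], ["safe", SAFE_VIEW]].each do |label, view|
      html = render(view, body)
      puts "#{label}: #{html}  (live markup: #{body_markup_live?(html)})"
    end
  end
end
```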