[OSM-dev] XSS Vulnerabilities

Callum Noble callum at notthesame.co.uk
Mon Jan 14 23:12:16 GMT 2008


Frederik Ramm wrote:
> Hi,
> 
>> I notice that the message sending section of the openstreetmap.org
>> site is vulnerable to type 2 XSS attacks.
> 
> Had to look this up on Wikipedia. What he means is that you can send a
> message to someone else that contains a "<b>" and when that message is
> displayed, the "<b>" is not escaped properly but leads to a bold type.

I should have been a little more clear in my mail.

You can send a "<b>" as you say.

The danger is that someone can send JavaScript, for example:
<script>alert('XSS attack')</script>

Sending this would cause the JavaScript to run. Someone could craft some
code that would execute as the user reading the message - this would be
able to do anything that the logged-in user could do.
It would also be possible for the attacker to retrieve a user's session
cookie, compromising their login.

I hope that this can be understood to be a serious issue.

Regards,
-- 
Callum
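
The rendering problem described in this message, as an added example that is not part of the original post and not the site's own code: a message body interpolated into the page as-is, next to the same body HTML-escaped on output, plus a check that lists which stored bodies would reach the reader as live markup. The function names, the wrapper markup and the sample bodies are constructed for illustration.

```ruby
require 'erb'

# Constructed sample message bodies, including the two strings quoted in the thread.
SAMPLE_BODIES = [
  "Hello <b>mapper</b>",
  "<script>alert('XSS attack')</script>",
  "Tom & Jerry said \"hi\"",
].freeze

WRAP_OPEN  = '<div class="message">'.freeze
WRAP_CLOSE = '</div>'.freeze

# Vulnerable pattern: the stored body is placed in the page unchanged, so any
# markup the sender typed becomes markup in the reader's browser.
def render_message_unescaped(body)
  "#{WRAP_OPEN}#{body}#{WRAP_CLOSE}"
end

# Hardened pattern: escape on output, so the body is displayed as text.
def render_message_escaped(body)
  "#{WRAP_OPEN}#{ERB::Util.html_escape(body)}#{WRAP_CLOSE}"
end

# True when the sender-controlled part of the rendered page contains no raw
# angle brackets, i.e. nothing the browser could parse as a tag.
def inert?(html)
  inner = html.delete_prefix(WRAP_OPEN).delete_suffix(WRAP_CLOSE)
  !inner.match?(/[<>]/)
end

# Regression check: returns the bodies that a given renderer (passed as a
# method name) would emit with live markup. An empty list means it is safe
# for these samples.
def bodies_rendered_live(renderer, bodies = SAMPLE_BODIES)
  bodies.reject { |body| inert?(send(renderer, body)) }
end

if __FILE__ == $PROGRAM_NAME
  puts "unescaped renderer leaks: #{bodies_rendered_live(:render_message_unescaped).inspect}"
  puts "escaped renderer leaks:   #{bodies_rendered_live(:render_message_escaped).inspect}"
  puts render_message_escaped(SAMPLE_BODIES[1])
end
```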



