Persistent XSS Vulnerability Found on Tumblr (Updated)

Updated on: 2012-07-16 || Source: news.softpedia.com
Security researcher Riyaz Ahemed Walikar has identified a persistent cross-site scripting (XSS) vulnerability on the popular microblogging platform Tumblr.

XSS flaws are very common on websites these days, but most of them are non-persistent and, by implication, less dangerous.

“XSS can cause a lot of serious problems. An attacker can steal cookies, redirect users to fake or malicious sites, control a user's browser using automated frameworks like BeEF and download and execute exploits on the victim's computer,” Walikar explained.

“Stored XSS is even more dangerous since the script is stored on the server and is executed every time a user visits an infected page.”

According to the expert, Tumblr was notified of the issue more than three weeks ago, but so far the website's representatives have failed to address it. Walikar says that he will publish more technical details on the security hole in the upcoming period.

Update. Walikar has told Softpedia that the persistent XSS vulnerability has been addressed by Tumblr. The technical details are available on his blog.
