Information
--------------------
Name : XSS Persistent in EA Sports
Software : EA Sports Main site
Vendor Homepage : http://www.ea.com
Vulnerability Type : XSS Persistent
Severity : Very High
Researcher : Juan Sacco <jsacco [at] insecurityresearch [dot] com>

Description
------------------
EA Sports is prone to a stored XSS vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code on the victim's machine.

Details
-------------------
The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example is an online message board where users are allowed to post HTML-formatted messages for other users to read.

Exploit example as follows
-----------------------------
Vulnerable web site:
http://www.ea.com/soccer/profile/biography/cem_ea_id/jsacco123

The vulnerability is caused by the following code and affects the "Hometown" input:

    <li>
    <label class="section">Home Town:</label>
    '><script xml:space="preserve">alert("XSS discovered by INSECT Pro")</script>
    </li>
    <li>

Solution
-------------------
No patch is available at this time.

Credits
-------------------
Manually discovered by Insecurity Research Labs
Juan Sacco - http://www.insecurityresearch.com

--
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.6.1 was released, stay tuned
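
The missing HTML escaping described under Details, applied to the Home Town field as an added example (not code from the advisory or from the vendor). The function names, the list-item wrapper and the single-quoted edit field are assumptions; the sample value is the string quoted in the advisory.

```javascript
// Constructed sample input: the Home Town value quoted in the advisory.
const HOMETOWN =
  `'><script xml:space="preserve">alert("XSS discovered by INSECT Pro")</script>`;

// The five characters that can change the HTML parsing context.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a stored value for element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into the page as-is,
// so every visitor's browser parses it as markup.
function renderBiographyUnsafe(hometown) {
  return `<li><label class="section">Home Town:</label> ${hometown}</li>`;
}

// Hardened pattern: the stored value is encoded at output time.
function renderBiographySafe(hometown) {
  return `<li><label class="section">Home Town:</label> ${escapeHtml(hometown)}</li>`;
}

// Hypothetical edit form (assumption): the same value inside a single-quoted
// attribute. The leading '> in the sample only stays inert here because
// quotes are encoded as well as angle brackets.
function renderEditFieldSafe(hometown) {
  return `<input type='text' name='hometown' value='${escapeHtml(hometown)}'>`;
}

// Rough demo check: how many <script> start tags a browser would see.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

function demo() {
  return {
    unsafeScriptTags: countScriptTags(renderBiographyUnsafe(HOMETOWN)),
    safeScriptTags: countScriptTags(renderBiographySafe(HOMETOWN)),
    editField: renderEditFieldSafe(HOMETOWN),
  };
}

console.log(demo());
```

Encoding belongs at the point of output, per context: a value that is safe in element content still needs quote encoding when it is reused in an attribute.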