EA Sports Cross Site Scripting



EKU-ID: 591 CVE: OSVDB-ID:
Author: Juan Sacco Published: 2011-06-22 Verified: Not Verified


 Information
 --------------------
 Name : XSS Persistent in EA Sports
 Software : EA Sports Main site
 Vendor Homepage : http://www.ea.com
 Vulnerability Type : XSS Persistent
 Severity : Very High
 Researcher : Juan Sacco <jsacco [at] insecurityresearch [dot] com>

 Description
 ------------------
 EA Sports is prone to a stored XSS vulnerability because the 
 application fails to HTML-encode user-supplied profile data before 
 writing it into pages served to other users.
 An attacker can exploit this issue to execute arbitrary script in the 
 victim's browser, in the context of the www.ea.com origin, and so 
 act as the victim on the site.

 Details
 -------------------
 The persistent (or stored) XSS vulnerability is a more devastating 
 variant of a cross-site scripting flaw: it occurs when the data provided 
 by the attacker is saved by the server and then permanently displayed 
 on "normal" pages returned to other users in the course of regular 
 browsing, without proper HTML escaping. A classic example is an online 
 message board where users are allowed to post HTML-formatted messages 
 for other users to read.

 Exploit example as follows
 -----------------------------
 Vulnerable web site
 http://www.ea.com/soccer/profile/biography/cem_ea_id/jsacco123

 The vulnerability is visible in the following page markup, where the 
 value of the "Hometown" profile field is emitted without HTML encoding 
 (note that the payload's leading ">" comes back as "&gt;" while the 
 "<script>" element passes through, so the filtering is inconsistent 
 rather than absent):
 <li>
  <label class="section">Home Town:</label>
  '&gt;<script xml:space="preserve">alert("XSS discovered by INSECT Pro")</script>      </li>
 <li>
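 As an added illustration (not code from the advisory or from EA), the
 snippet below reproduces the unescaped rendering described above beside
 the output-encoded version that closes the hole. The function names,
 the profile object and the payload string are assumptions made for the
 example; the check at the end is the kind of quick test a reviewer can
 run over rendered fragments.

```javascript
// Added example, not EA's code: unescaped vs. entity-encoded rendering
// of a stored profile field. All names below are assumptions.

// Minimal HTML entity encoder for text placed between tags or inside a
// double-quoted attribute value. Encoding these five characters is what
// stops a stored value from being parsed as markup. '&' goes first so
// the entities emitted afterwards are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable: the stored "Hometown" value is concatenated straight into
// the page, so a value that contains markup becomes markup.
function renderHometownVulnerable(profile) {
  return '<li>\n' +
    '  <label class="section">Home Town:</label>\n' +
    '  ' + profile.hometown + '\n' +
    '</li>';
}

// Hardened: same template, but the user-supplied value is entity-encoded
// at the point of output (the server-side fix for stored XSS).
function renderHometownSafe(profile) {
  return '<li>\n' +
    '  <label class="section">Home Town:</label>\n' +
    '  ' + escapeHtml(profile.hometown) + '\n' +
    '</li>';
}

// Crude check a tester can run over a rendered fragment: does a <script>
// element appear in output that the template itself never emits one in?
function containsScriptElement(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample profile (not EA data) whose Hometown field holds the
// kind of payload the advisory shows.
const sampleProfile = {
  hometown: '\'><script xml:space="preserve">alert("XSS test")</script>'
};

const vulnerableHtml = renderHometownVulnerable(sampleProfile);
const safeHtml = renderHometownSafe(sampleProfile);
console.log('vulnerable render carries a script element:', containsScriptElement(vulnerableHtml)); // true
console.log('hardened render carries a script element:  ', containsScriptElement(safeHtml));       // false
```

 The encoder above is only correct for the two contexts named in its
 comment (element text and double-quoted attribute values); a value that
 ends up inside a JavaScript block, a URL or an unquoted attribute needs
 an encoder for that context instead.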

 Solution
 -------------------
 No patch is available at this time. The fix on the vendor side is to 
 HTML-encode the "Hometown" value (and any other profile field) when it 
 is written into the page.

 Credits
 -------------------
 Manually discovered by Insecurity Research Labs
 Juan Sacco - http://www.insecurityresearch.com

-- 
 _________________________________________________
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.6.1 was released, stay tuned

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/