StumbleUpon vulnerable to Reflected Cross site scripting

A security researcher, Rafay Baloch, has discovered Cross site scripting vulnerability in the StumbleUpon , One of the famous social bookmarking website with alexa rank of 149.

“Few days before, while i was hunting for vulnerabilities inside stumbleupon.com,” Rafay said in his blog post. “Fiddler helped me obtain a non persistent XSS vulnerability inside stumbleupon”

He send notification about the vulnerability to StumbleUpon, however there is no response from other side.

“For security reasons i cannot disclose the URL and parameters for the injection, I hope stumbleupon fixes the vulnerability pretty soon.” researcher said.

At the time of writing, the vulnerability is not patched and we are able to exploit the vulnerability.  In fact, i inject a redirection code that successfully redirects me to the given url.  So Continue Reading StumbleUpon vulnerable to Reflected Cross site scripting

Tweet with this Shortlink:

Posted by Obasi Miracle on this date: Leave a Comment

Sign Up in Seconds

Join us to get latest updates (ONLY) delivered to your inbox. No Spam, We Promise!


About Obasi Miracle

I am a dedicated web developer with interest in blogging and app development. I have lots of buddies and always ready to connect with like-minded pals - See more about me.

Speak Your Mind

*