Comments on Mark IJbema's Blog: XSS in Blogspot
Feed author: Mark IJbema (http://www.blogger.com/profile/12619570589502015540)
Feed updated: 2010-02-21T07:43:34+01:00

Anonymous, 2009-11-16T13:45:24+01:00:
Interesting blog as for me. It would be great to read something more about this matter.
BTW check the design I've made myself: Female escorts (http://www.admirableescorts.com/)

Mark IJbema (https://www.blogger.com/profile/12619570589502015540), 2007-04-12T23:25:00+01:00:
You ask, we deliver ;)

Anonymous (https://www.blogger.com/profile/08842802457037142099), 2007-04-12T10:57:00+01:00:
Hey Mark, time for a new security article! Your readers are waiting eagerly...

Eamon Nerbonne (https://www.blogger.com/profile/00388124191987595398), 2007-01-19T14:33:00+01:00:
All actions on blogger.com occur via the blogger.com domain. I don't see how the user himself could change his own blog when viewing the xyz.blogspot.com domain, let alone any other logged-in user.
Maybe I'm missing something, but this seems mostly unexploitable without some other, additional security leak.

Anonymous, 2007-01-18T22:18:00+01:00:
You stated "I don't really think it's XSS if you can only inject on your own blog"; however, look at this scenario... User A is logged into blogspot, views the malicious blog post, and the javascript payload makes an entry into their page to inject the exploit there. It could potentially also delete the other person's posts, steal their session with blogspot, etc. This could potentially make a blogspot worm.