Multiple XSS in Copy.com

Copy.com is a Barracuda Networks file sharing service, which offers 15 GB of free cloud storage for your files.

When I first read about Copy.com I almost immediately registered for an account. 15 GB of free storage was very tempting. A few moments later I started reporting vulnerabilities.

1. Company settings page – „Company Name” and „Directory Name” did not escape the double-quote character, so a value could close the attribute it was placed in and add an event handler, with an injection like:

" onclick=alert(document.cookie) x="

2. Profile settings page – the „Verify” and „Remove” e-mail functions were vulnerable to an XSS via the URL. After clicking the injected word, an alert box popped up.

3. Billing settings page – „Name on Card” and all „Address” fields did not escape the double-quote character either, which again allowed an injection like:

" onclick=alert('http://lubi.cz') "


Timeline:

[May 16th 2013] - bugs #1 & #2 were reported
[May 17th 2013] - bug #2 was fixed
[June 19th 2013] - second contact, because bug #1 was not fixed. Bug was fixed soon after.
[June 25th 2013] - bug #3 was reported
[July 10th 2013] - bug #3 was fixed

I would like to thank Zack, Tom and Brian for their flawless work on the bug-fixing process.

If you would like to receive 20 GB (15 + 5 GB) of free cloud storage, please use this link, which will give us both an additional 5 GB of bonus space (client installation is needed). Thank you.
