Exploits found on UserLand comment server

Two security exploits for Radio UserLand were published last night on the Radio customer support board.

The first exploit allows an attacker to execute scripts on a Radio weblog's comments page. This can be used to redirect visitors to another Web site, transmit cookies to a third party, open pop-up windows, and the like.

The second exploit allows an attacker to post a comment to an entry that doesn't exist yet.

These exploits affect users who host their comments on UserLand servers. If you'd like to take your comments offline temporarily while a fix is being prepared, use the Comments preference to disable the feature and republish your entire weblog.


The issue with allowing scripts to execute on Radio comment pages also applies to Radio trackback pages. Steve Kirks reported the trackback issue on his weblog, and it was also reported in the Radio discussion forum ("BUG : trackback script injection") 6 months ago.

To see a harmless example of this, view this page and scroll down to the bottom of the page. The housefly is inserted with a javascript embedded in the 2nd to last trackback.

Add a Comment

All comments are moderated before publication. These HTML tags are permitted: <p>, <b>, <i>, <a>, and <blockquote>. This site is protected by reCAPTCHA (for which the Google Privacy Policy and Terms of Service apply).