{"id":19,"date":"2014-03-14T07:48:23","date_gmt":"2014-03-14T02:48:23","guid":{"rendered":"http:\/\/www.chmosama.com\/blog\/?p=19"},"modified":"2017-12-24T15:17:58","modified_gmt":"2017-12-24T10:17:58","slug":"cross-site-scripting-xss-found-in-goanimate","status":"publish","type":"post","link":"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/","title":{"rendered":"Cross Site Scripting (XSS) Found in GoAnimate"},"content":{"rendered":"

Ch. Muhammad Osama, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in GoAnimate website www.goanimate.com, which can be exploited by an attacker to conduct XSS attacks.<\/p>\n

Cross-Site Scripting\u00a0:-<\/strong><\/p>\n

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.<\/p>\n

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.<\/p>\n

Proof of Concept :-<\/strong><\/p>\n

URL :-\u00a0POC Link Here<\/a><\/p>\n

\"goanimate-poc-firefox\"<\/p>\n

\"goanimate-poc-ie\"<\/p>\n

Conclusion :-<\/strong><\/p>\n

This vulnerability has been confirmed and patched by GoAnimate\u00a0Security Team. I would like to thank them for their quick response to my report.<\/p>\n

\"goanimate-hof\"<\/p>\n

Status : Fixed!<\/strong>
\nHall of Fame : Yes!<\/strong>
\nBounty: No!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Ch. Muhammad Osama, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in GoAnimate website www.goanimate.com, which can be exploited by an attacker to conduct XSS attacks. Cross-Site Scripting\u00a0:- Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and […]<\/p>\n","protected":false},"author":1,"featured_media":20,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[10,6,8,7],"class_list":["post-19","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-poc","tag-goanimate","tag-poc","tag-vulnerability","tag-xss"],"yoast_head":"\nCross Site Scripting (XSS) Found in GoAnimate - Blog - Choudhary Muhammad Osama<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cross Site Scripting (XSS) Found in GoAnimate - Blog - Choudhary Muhammad Osama\" \/>\n<meta property=\"og:description\" content=\"Ch. Muhammad Osama, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in GoAnimate website www.goanimate.com, which can be exploited by an attacker to conduct XSS attacks. Cross-Site Scripting\u00a0:- Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Choudhary Muhammad Osama\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/chmosama\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/chmosama\" \/>\n<meta property=\"article:published_time\" content=\"2014-03-14T02:48:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-12-24T10:17:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/goanimate.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Choudhary Muhammad Osama\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ChMuhammadOsama\" \/>\n<meta name=\"twitter:site\" content=\"@ChMuhammad\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Choudhary Muhammad Osama\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/\",\"url\":\"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/\",\"name\":\"Cross Site Scripting (XSS) Found in GoAnimate - Blog - Choudhary Muhammad Osama\",\"isPartOf\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/goanimate.jpg\",\"datePublished\":\"2014-03-14T02:48:23+00:00\",\"dateModified\":\"2017-12-24T10:17:58+00:00\",\"author\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/#primaryimage\",\"url\":\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/goanimate.jpg\",\"contentUrl\":\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/goanimate.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"goanimate\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.chmosama.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cross Site Scripting (XSS) Found in GoAnimate\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/#website\",\"url\":\"https:\/\/www.chmosama.com\/blog\/\",\"name\":\"Blog - Choudhary Muhammad Osama\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.chmosama.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7\",\"name\":\"Choudhary Muhammad Osama\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g\",\"caption\":\"Choudhary Muhammad Osama\"},\"description\":\"This is Choudhary Muhammad Osama, a highly accomplished Penetration Tester, Security Analyst and Linux Administration enthusiast, with extensive experience in implementing, maintaining, securing and pentesting web applications and networks.\",\"sameAs\":[\"https:\/\/www.chmosama.com\",\"https:\/\/www.facebook.com\/chmosama\",\"https:\/\/x.com\/ChMuhammadOsama\"],\"url\":\"http:\/\/www.chmosama.com\/blog\/author\/chmosama\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cross Site Scripting (XSS) Found in GoAnimate - Blog - Choudhary Muhammad Osama","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/","og_locale":"en_US","og_type":"article","og_title":"Cross Site Scripting (XSS) Found in GoAnimate - Blog - Choudhary Muhammad Osama","og_description":"Ch. Muhammad Osama, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in GoAnimate website www.goanimate.com, which can be exploited by an attacker to conduct XSS attacks. Cross-Site Scripting\u00a0:- Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and […]","og_url":"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/","og_site_name":"Blog - Choudhary Muhammad Osama","article_publisher":"https:\/\/www.facebook.com\/chmosama","article_author":"https:\/\/www.facebook.com\/chmosama","article_published_time":"2014-03-14T02:48:23+00:00","article_modified_time":"2017-12-24T10:17:58+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/goanimate.jpg","type":"image\/jpeg"}],"author":"Choudhary Muhammad Osama","twitter_card":"summary_large_image","twitter_creator":"@ChMuhammadOsama","twitter_site":"@ChMuhammad","twitter_misc":{"Written by":"Choudhary Muhammad Osama","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/","url":"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/","name":"Cross Site Scripting (XSS) Found in GoAnimate - Blog - Choudhary Muhammad Osama","isPartOf":{"@id":"https:\/\/www.chmosama.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/#primaryimage"},"image":{"@id":"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/#primaryimage"},"thumbnailUrl":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/goanimate.jpg","datePublished":"2014-03-14T02:48:23+00:00","dateModified":"2017-12-24T10:17:58+00:00","author":{"@id":"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7"},"breadcrumb":{"@id":"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/#primaryimage","url":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/goanimate.jpg","contentUrl":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/goanimate.jpg","width":1920,"height":1080,"caption":"goanimate"},{"@type":"BreadcrumbList","@id":"https:\/\/www.chmosama.com\/blog\/cross-site-scripting-xss-found-in-goanimate\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.chmosama.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cross Site Scripting (XSS) Found in GoAnimate"}]},{"@type":"WebSite","@id":"https:\/\/www.chmosama.com\/blog\/#website","url":"https:\/\/www.chmosama.com\/blog\/","name":"Blog - Choudhary Muhammad Osama","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.chmosama.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7","name":"Choudhary Muhammad Osama","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g","caption":"Choudhary Muhammad Osama"},"description":"This is Choudhary Muhammad Osama, a highly accomplished Penetration Tester, Security Analyst and Linux Administration enthusiast, with extensive experience in implementing, maintaining, securing and pentesting web applications and networks.","sameAs":["https:\/\/www.chmosama.com","https:\/\/www.facebook.com\/chmosama","https:\/\/x.com\/ChMuhammadOsama"],"url":"http:\/\/www.chmosama.com\/blog\/author\/chmosama\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts\/19","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/comments?post=19"}],"version-history":[{"count":2,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts\/19\/revisions"}],"predecessor-version":[{"id":205,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts\/19\/revisions\/205"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/media\/20"}],"wp:attachment":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/media?parent=19"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/categories?post=19"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/tags?post=19"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}