Cross site scripting (XSS/CSS) with RSS feeds
CSRF with RSS feeds
Cross Site Request Forgery is another attack vector that can be exploited through RSS feeds. If a feed is injected with certain HTML tags like or any other tags that allow cross domain calls, these calls replay the cookie causing a CSRF exploit to be run. CSRF attacks expand possibilities for exploits to be run on financial applications that are vulnerable. An attacker has greater opportunity since the target set and scope is defined.
Consider a financial portal for banking operations application that runs with an RSS feed reader component. This component has a set of applications for trading and other services running on different domains. One of these domain applications is vulnerable to CSRF and shares the “single sign on” methods either by cookie or by a common database access. In this case, an attacker can craft an RSS feed in a way that is best suited for CSRF exploitation over broad range CSRF exploit distribution for maximum effect. Targeting RSS feed readers can help in leveraging this attack vector when the end user can be identified.