Monday, March 9, 2009

XSS in AVG website

#########################################
# Website: http://www.avg.com
# Bug: XSS
# Date: 09.03.09
########################################

Vuln URL: hxxp://www.avg.com

Screenshot

Click here for the demo

The AV vendors have failed to secure their websites, and their saga of web bugs, ranging from sql injection, earlier demonstrated by Romanian hackers, to the XSS bugs we're demonstrating will continue...

Fix input validation in your pages, the page affected is their "license" page...

Cheers :)
Kish

No comments: