Thursday, January 7, 2010

MIT Press - XSS - Happy new year to one and all !

######################################
# Website: www.mit.edu
# Date: 08.01.10
# Bug: Cross Site Scripting (XSS)
#####################################

Search box vulnerable to XSS... after September, got really bored of XSS/SQL/RFI... that's why I took a break... but still, couldn't resist taking a shot at MIT Press ;)

So here goes the first post, for the new year - 2010

Vuln URL: hxxp://mitpress.mit.edu/catalog/search/default.asp


Click here for XSS demo

Solution: Try and validate input ... it's not good practice to let XSS through, for I recently investigated cases where XSS was used to install malicious code on to client systems for further access.

Cheers,
Kish :)

No comments: