AVG and ESET have fixed their respective XSS vulnerabilities, and it is good !
Full disclosure - We believe in it !
Cheers!
Showing posts with label AVG. Show all posts
Showing posts with label AVG. Show all posts
Friday, March 27, 2009
Wednesday, March 11, 2009
Advisory updates: Q1 2009 and a few more ...
Advisory updates, First Quarter, 2009, and a few from 2008.
DMOZ search's xss was found 2 months back... and NASA's XSS at Goddard space flight center, was exactly a month ago...
The other findings, from Myspace, AVG antivirus, and ESET antivirus websites, are also not fixed ... considering that these websites have a good user base, and are expected to fix quickly.
HSBC haven't fixed their bug just yet ... but it is obvious, they're a bank and they want money... not security ;)
The Indian government website, has removed the page having input sanitization problems, instead of fixing it... still not bad ... they've taken some measures to stay at bay ...
Cheers :)
Kish
DMOZ search's xss was found 2 months back... and NASA's XSS at Goddard space flight center, was exactly a month ago...
The other findings, from Myspace, AVG antivirus, and ESET antivirus websites, are also not fixed ... considering that these websites have a good user base, and are expected to fix quickly.
HSBC haven't fixed their bug just yet ... but it is obvious, they're a bank and they want money... not security ;)
The Indian government website, has removed the page having input sanitization problems, instead of fixing it... still not bad ... they've taken some measures to stay at bay ...
Cheers :)
Kish
Monday, March 9, 2009
XSS in AVG website
#########################################
# Website: http://www.avg.com
# Bug: XSS
# Date: 09.03.09
########################################
Vuln URL: hxxp://www.avg.com
Screenshot
Click here for the demo
The AV vendors have failed to secure their websites, and their saga of web bugs, ranging from sql injection, earlier demonstrated by Romanian hackers, to the XSS bugs we're demonstrating will continue...
Fix input validation in your pages, the page affected is their "license" page...
Cheers :)
Kish
# Website: http://www.avg.com
# Bug: XSS
# Date: 09.03.09
########################################
Vuln URL: hxxp://www.avg.com
Screenshot
Click here for the demoThe AV vendors have failed to secure their websites, and their saga of web bugs, ranging from sql injection, earlier demonstrated by Romanian hackers, to the XSS bugs we're demonstrating will continue...
Fix input validation in your pages, the page affected is their "license" page...
Cheers :)
Kish
Subscribe to:
Posts (Atom)