Showing posts with label dmoz. Show all posts
Showing posts with label dmoz. Show all posts

Wednesday, March 11, 2009

Advisory updates: Q1 2009 and a few more ...

Advisory updates, First Quarter, 2009, and a few from 2008.



DMOZ search's xss was found 2 months back... and NASA's XSS at Goddard space flight center, was exactly a month ago...

The other findings, from Myspace, AVG antivirus, and ESET antivirus websites, are also not fixed ... considering that these websites have a good user base, and are expected to fix quickly.

HSBC haven't fixed their bug just yet ... but it is obvious, they're a bank and they want money... not security ;)

The Indian government website, has removed the page having input sanitization problems, instead of fixing it... still not bad ... they've taken some measures to stay at bay ...

Cheers :)
Kish
Posted by at No comments:
Labels: , , , , , , , , , , , , , , , ,

Thursday, January 15, 2009

XSS in DMOZ Search

Advisory #1 (2009)


############################
# Website: dmoz.org
# Bug: HTML Injection, XSS
# Date: 15.01.09
###########################

Vulnerable URL: http://search.dmoz.org/cgi-bin/search?search=

Click here for a demo

Next screenshot to show the presence of XSS bug


Click here for demo

Fix input validation in these pages for better security.

Cheers,
Kish
Posted by at No comments:
Labels: , , , , , , , , ,
Subscribe to: Posts (Atom)