Monday, March 9, 2009

XSS in Myspace

#########################################
# Website: http://www.myspace.com
# Bug: XSS
# Date: 09.03.09
########################################

Vulnerable URL: hxxp://www.myspace.com/Modules/PostTo/Pages/DefaultV1.aspx

Screenshot

Fix input validation in the page; social networks are my turf!

Cheers :)
Kish

Wednesday, March 4, 2009

XSS in ESET website

#########################################
# Website: http://www.eset.com
# Bug: XSS
# Date: 04.03.09
########################################



Vulnerable URL: hxxp://kb.eset.com


Fix input validation in the page; antivirus vendors are supposed to be careful, at least, I thought so!

This is a special advisory, dedicated to Digi (Crimemachine, Founder), my very good friend and fellow hacker, who is an ardent supporter of ESET products, the antivirus especially, for the heur et al.

Cheers :)
Kish

Tuesday, February 10, 2009

Fresh stock: XSS in NASA

###############################
# Website: http://www.nasa.gov
# Open source & NASA
# Bug: XSS
# Date: 10.02.09
#############################



Vulnerable URL: hxxp://opensource.gsfc.nasa.gov/feedback.php
POST-based XSS: any field


Fix input validation in all the fields...

Cheers,
Kish

Tuesday, January 27, 2009

NASA fixed the XSS

Well, well, well, it is that time of the day again, when a demo on NASA fails ... ;)

They fixed the bug in 3 days, which is not bad ...

Cheers,
Kish

Saturday, January 24, 2009

XSS in NASA website, again

#########################################
# Website: http://www.nasa.gov
# It's time to know more about astronauts and gravity
# Bug: XSS
# Date: 24.01.09
########################################


Vulnerable URL: hxxp://astrogravs.nasa.gov


Fix input validation in the page.

Cheers :)
Kish

Thursday, January 22, 2009

XSS in Facebook

###################################
# Website: http://www.facebook.com
# It's free and anyone can hack!
# Bug: XSS
# Date: 22.01.09
##################################


Vulnerable URL: hxxp://apps.facebook.com/skillzbase/


Fix input validation in the app

Social networking websites are targeted a lot these days, reckless filtering *shrugs*

Cheers :)
Kish

Date: 24.01.09
Update: The bug has been fixed by Facebook. Full disclosure - we believe in it!

Thursday, January 15, 2009

XSS in DMOZ Search

Advisory #1 (2009)


############################
# Website: dmoz.org
# Bug: HTML Injection, XSS
# Date: 15.01.09
###########################

Vulnerable URL: http://search.dmoz.org/cgi-bin/search?search=

Screenshot showing the presence of the XSS bug

Fix input validation in these pages for better security.

Cheers,
Kish
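Every advisory above ends with the same recommendation, "fix input validation", for pages that echo a form field or a search term back into the HTML. The example below is added here and is not code from the blog or from any of the sites named; it is a Python sketch (the affected pages are PHP/CGI/ASP.NET, so the language is an assumption) with constructed sample form data. It shows the reflection pattern behind a reflected XSS finding beside the fix that actually closes it, HTML-entity encoding of every untrusted value at the point it is written into the page, plus a small check a tester or a regression test can use to detect raw reflection. Input validation (allowlisting what a field may contain) is a useful extra layer, but output encoding is the control that stops markup in a field from becoming markup in the response.

```python
import html

# Constructed sample submission, of the kind a feedback form or a search
# page receives; "name" and "comment" deliberately carry HTML metacharacters.
SAMPLE_FIELDS = {
    "name": "Kish <b>",
    "email": "kish@example.invalid",
    "comment": 'Great site "&" more',
}


def render_unsafe(fields):
    """Echo each field straight into the page (the vulnerable pattern):
    whatever markup a field contains lands verbatim in the response."""
    rows = "".join(
        f"<tr><td>{key}</td><td>{value}</td></tr>"
        for key, value in fields.items()
    )
    return f"<table>{rows}</table>"


def render_safe(fields):
    """Same page, hardened: every untrusted value is HTML-entity encoded
    for the element-content context it is written into, quotes included,
    so < > & " ' can no longer start a tag or an attribute."""
    rows = "".join(
        f"<tr><td>{html.escape(key, quote=True)}</td>"
        f"<td>{html.escape(value, quote=True)}</td></tr>"
        for key, value in fields.items()
    )
    return f"<table>{rows}</table>"


def leaks_markup(rendered, fields):
    """Detection check: does any submitted value that contains HTML
    metacharacters appear in the rendered output with those characters
    intact?  True means the page reflects unencoded input."""
    return any(
        any(ch in value for ch in "<>\"'&") and value in rendered
        for value in fields.values()
    )


if __name__ == "__main__":
    print("unsafe reflects raw input:", leaks_markup(render_unsafe(SAMPLE_FIELDS), SAMPLE_FIELDS))
    print("safe reflects raw input:  ", leaks_markup(render_safe(SAMPLE_FIELDS), SAMPLE_FIELDS))
    print(render_safe(SAMPLE_FIELDS))
```

`leaks_markup` is the kind of check to run over every field of a form at once (the NASA feedback page was reported as "any field"), rather than over one parameter, since a fix that encodes only the field named in a report leaves the others as they were.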