HSBC Bank - XSS

###################################
# Website: http://www.hsbc.com
# (The world's phishing bank)
# Bug: XSS
# Date: 11.09.08
##################################

Vulnerable URL: hxxp://www.hsbc.com/1/2/exit-hsbc?type=1&url=

Click here for the XSS Demo

Bank websites are ones that are most targetted, reckless filtering *shrugs*

Cheers :)
Kish

Websense Security Labs - XSS

###################################
# Website: http://www.websense.com
# (Security Labs)
# Bug: XSS
# Date: 26.08.08
##################################

Vulnerable URL: hxxp://securitylabs.websense.com/content/alerts.aspx

Click here for the XSS demo

Bad filtering from a web-security company ... *shrugs*

Cheers :)
Kish

Frame Redirection in India.gov.in

###################################
# Website: http://www.india.gov.in
# Bug: Frame Redirection
# Date: 30.03.08
##################################

Vulnerable URL: hxxp://india.gov.in/outerwin.htm

Click here for frame redirect demo

Cheers :)
Kish

XSS in NASA website

Advisory #1 (2008)

#############################
# Website: www.nasa.gov
# Bug: XSS - Cross Site Scripting
# Date: 25.03.08
#############################

Vulnerable URL: hxxp://search.nasa.gov/search/search

Click here for demo (XSS)

Fix: Validate input correctly for each and every dynamic parameter on the page. Also check the ISAPI filters, for we're still out here and looking ...

Cheers :)
Kish

Blog Intro

Hi guys,

Introducing (IN)secure Times blog, a project from the makers of Crimemachine.This blog is going to serve as dumping space for new bugs, especially throwaway bugs such as XSS, SQL Injection, Remote File Includes, and other types of web based bugs which are ***very very dangerous***

Only time will tell how insecure the world is ... ;)

*Coughs*

Kish !