Sunday, December 21, 2008

West Bengal Web Coding Standards (WBWCS) !


###################################
# Website: http://www.wbhealth.gov.in
# Bug: XSS
# Date: 22.12.08
##################################

Vulnerable URL: hxxp://www.wbhealth.gov.in (Site-Search feature)
Pages: site_search.asp, and site_search_result.asp

Textbook-style XSS for you, ladies and gentlemen

Courtesy: Hash Technologies presents West Bengal Web Coding Standards (WBWCS) !

Fix input validation in the search box for god's sake before people ruin the website.

Cheers :)
Kish

And it is such a mystery ;)

And it is such a mystery why HSBC bank gets whacked, and phished a lot...


They've not fixed the bug (XSS) just yet, which was posted 3 months earlier...

Thursday, October 2, 2008

OMG, Fixed ?

Well well well ... something unexpected ... NASA & WebSense have fixed the bugs, which is a positive move.

Maybe full disclosure, and old-school publicity forces people to fix ? ... You bet it does ;)

Cheers :)
Kish

Thursday, September 11, 2008

HSBC Bank - XSS

###################################
# Website: http://www.hsbc.com
# (The world's phishing bank)
# Bug: XSS
# Date: 11.09.08
##################################

Vulnerable URL: hxxp://www.hsbc.com/1/2/exit-hsbc?type=1&url=

Click here for the XSS Demo

Bank websites are the ones that are most targeted, reckless filtering *shrugs*

Cheers :)
Kish

Tuesday, August 26, 2008

Websense Security Labs - XSS

###################################
# Website: http://www.websense.com
# (Security Labs)
# Bug: XSS
# Date: 26.08.08
##################################

Vulnerable URL: hxxp://securitylabs.websense.com/content/alerts.aspx

Click here for the XSS demo

Bad filtering from a web-security company ... *shrugs*

Cheers :)
Kish

Sunday, March 30, 2008

Frame Redirection in India.gov.in


###################################
# Website: http://www.india.gov.in
# Bug: Frame Redirection
# Date: 30.03.08
##################################

Vulnerable URL: hxxp://india.gov.in/outerwin.htm

Click here for frame redirect demo

Cheers :)
Kish

Thursday, March 27, 2008

XSS in NASA website

Advisory #1 (2008)

#############################
# Website: www.nasa.gov
# Bug: XSS - Cross Site Scripting
# Date: 25.03.08
#############################

Vulnerable URL: hxxp://search.nasa.gov/search/search

Click here for demo (XSS)

Fix: Validate input correctly for each and every dynamic parameter on the page. Also check the ISAPI filters, for we're still out here and looking ...

Cheers :)
Kish
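
An added example, not part of the original post and not code from any of the sites named here: one way to apply the fix above to a search-results page, treating every dynamic parameter separately. The parameter names `q` and `return`, the length limit and the markup are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

MAX_QUERY_LEN = 200                  # assumed limit for a site-search term
ALLOWED_SCHEMES = {"http", "https"}  # only these may appear in a link target


def clean_query(raw):
    """Validate a search term: printable characters only, bounded length."""
    if raw is None:
        return ""
    term = "".join(ch for ch in raw if ch.isprintable()).strip()
    return term[:MAX_QUERY_LEN]


def safe_link_target(raw):
    """Return raw only if it is an absolute http(s) URL, otherwise None.

    HTML-escaping alone does not make a value safe inside href: a
    script-bearing scheme passes through escaping unchanged, so the
    scheme has to be validated in addition to encoding the output.
    """
    if not raw:
        return None
    candidate = raw.strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return candidate
    return None


def render_results(params):
    """Build the results fragment, encoding every reflected parameter."""
    term = clean_query(params.get("q"))          # "q" is a hypothetical name
    out = ["<h1>Results for &quot;%s&quot;</h1>" % html.escape(term, quote=True)]
    back = safe_link_target(params.get("return"))  # hypothetical name
    if back is not None:
        out.append('<a href="%s">Back</a>' % html.escape(back, quote=True))
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed request parameters, not taken from any site on this page.
    print(render_results({"q": '"><b>test</b>',
                          "return": "https://example.org/a?b=1&c=2"}))
```
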

Friday, March 21, 2008

Blog Intro

Hi guys,

Introducing (IN)secure Times blog, a project from the makers of Crimemachine. This blog is going to serve as a dumping space for new bugs, especially throwaway bugs such as XSS, SQL Injection, Remote File Includes, and other types of web-based bugs which are ***very very dangerous***

Only time will tell how insecure the world is ... ;)

*Coughs*

Kish !