Tuesday, January 27, 2009

NASA fixed the XSS

Well, well, well, it is that time of the day again, when a demo on NASA fails ... ;)

They fixed the bug in 3 days, which is not bad ...

Cheers,
Kish

Saturday, January 24, 2009

XSS in NASA website, again

#########################################
# Website: http://www.nasa.gov
# It's time to know more about astronauts and gravity
# Bug: XSS
# Date: 24.01.09
########################################


Vulnerable URL: hxxp://astrogravs.nasa.gov

Click here for the demo

Fix input validation in the page.

Cheers :)
Kish

Thursday, January 22, 2009

XSS in Facebook

###################################
# Website: http://www.facebook.com
# It's free and anyone can hack !
# Bug: XSS
# Date: 22.01.09
##################################


Vulnerable URL: hxxp://apps.facebook.com/skillzbase/

Click here for the XSS Demo

Fix input validation in the app.

Social networking websites are targeted a lot these days, reckless filtering *shrugs*

Cheers :)
Kish

Date: 24.01.09
Update: The bug has been fixed by Facebook, Full disclosure - We believe in it !

Thursday, January 15, 2009

XSS in DMOZ Search

Advisory #1 (2009)


############################
# Website: dmoz.org
# Bug: HTML Injection, XSS
# Date: 15.01.09
###########################

Vulnerable URL: http://search.dmoz.org/cgi-bin/search?search=

Click here for a demo

The next screenshot shows the presence of the XSS bug.


Click here for demo

Fix input validation in these pages for better security.

Cheers,
Kish
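All three advisories above end with the same remedy, "fix input validation". For a reflected search term the fix that actually closes the hole is escaping the value for the HTML context it lands in. The following is an added example, not code from this blog or from any of the sites named, using a hypothetical search page URL and a `search` parameter: the raw-reflection anti-pattern beside the escaped version, plus a check that a probe term no longer appears unencoded.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample request (hypothetical host): the search term carries
# HTML metacharacters, the way a reflected-XSS probe would.
SAMPLE_URL = ("http://search.example.test/cgi-bin/search"
              "?search=%3Cb%3Egravity%3C%2Fb%3E%22")


def search_term(url: str) -> str:
    """Extract the 'search' query parameter, URL-decoded."""
    query = parse_qs(urlsplit(url).query)
    return query.get("search", [""])[0]


def render_unsafe(term: str) -> str:
    """The anti-pattern behind the advisories: the term is reflected raw
    into both an attribute value and the page body."""
    return (f'<input name="search" value="{term}">'
            f'<p>Results for {term}</p>')


def render_safe(term: str) -> str:
    """Escape once per context. quote=True is what makes the value safe
    inside the double-quoted attribute, not just in the body text."""
    safe = html.escape(term, quote=True)
    return (f'<input name="search" value="{safe}">'
            f'<p>Results for {safe}</p>')


def reflects_raw(page: str, term: str) -> bool:
    """Regression check: True if the probe term survives unencoded,
    which is exactly what the screenshots in the advisories show."""
    return term in page


if __name__ == "__main__":
    term = search_term(SAMPLE_URL)
    print("unsafe page reflects raw term:", reflects_raw(render_unsafe(term), term))
    print("safe page reflects raw term:  ", reflects_raw(render_safe(term), term))
```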