# Website: http://blogs.zdnet.com
# "Say hello to the experts"
# Bug: HTML Injection, XSS
# Date: 03.05.09
############################
Vuln URL: hxxp://blogs.zdnet.com

Click here to see the demo
Please advise people about web-application vulnerabilities, after you've fixed them! *coughs*
Talking about input validation, their email form is a bad example... and can I use it to send my friend an email? You bet... it's a free email spoofing service, courtesy of ZDNet ;))
Cheers,
Kish