######################################
# Website: www.mit.edu
# Date: 08.01.10
# Bug: Cross Site Scripting (XSS)
#####################################
Search box vulnerable to XSS... after September, got really bored of XSS/SQL/RFI... that's why I took a break... but still, couldn't resist taking a shot at MIT Press ;)
So here goes the first post, for the new year - 2010
Vuln URL: hxxp://mitpress.mit.edu/catalog/search/default.asp
Click here for XSS demo
Solution: Try and validate input... it's not good practice to let XSS through, for I recently investigated cases where XSS was used to install malicious code onto client systems for further access.
Cheers,
Kish :)
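The fix suggested above, for a search page that echoes the term back, as an added example (not code from this post or from the MIT Press site). The field name `q`, the allow-list and the 100-character limit are assumptions; the point is that validation and output encoding are both needed, since an ordinary title can legitimately contain `&` or `'`.

```python
import html
import re

# Assumed policy for a catalogue search term: letters, digits, spaces and a
# little punctuation, at most 100 characters. Adjust to the real catalogue.
MAX_LEN = 100
ALLOWED = re.compile(r"[\w\s.,:'&()\-]+")


def validate_query(raw):
    """Return the trimmed query, or None if it fails the allow-list."""
    q = raw.strip()
    if not q or len(q) > MAX_LEN or not ALLOWED.fullmatch(q):
        return None
    return q


def render_unsafe(raw):
    """The pattern behind a reflected XSS: input concatenated into markup."""
    return ('<input name="q" value="' + raw + '">'
            '<p>Results for ' + raw + '</p>')


def render_safe(raw):
    """Validate first, then HTML-encode at every point of output."""
    q = validate_query(raw)
    if q is None:
        return '<input name="q" value=""><p>Invalid search term.</p>'
    enc = html.escape(q, quote=True)  # encodes & < > " '
    return ('<input name="q" value="' + enc + '">'
            '<p>Results for ' + enc + '</p>')


if __name__ == "__main__":
    # Constructed inputs: one ordinary title search, one carrying markup.
    for sample in ["Gödel's Proof & Logic", '"><b>injected</b>']:
        print(render_unsafe(sample))
        print(render_safe(sample))
```

Encoding at output is what neutralises the markup; the allow-list only narrows what reaches that point, so it should not be relied on alone.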
Thursday, January 7, 2010
MIT Press - XSS - Happy new year to one and all !
Labels: Crimemachine, Insecure, Insecure Times, MIT, MIT Press, XSS