 

ABC Mail XSS Vulnerability

08 Sep 2014

The ABC Mail subscription script neither sanitises the email field nor checks that a valid email address was provided. An attack is straightforward because the unsanitised “invalid email” value is printed verbatim on the resulting error page. Code:

 

Posted in XSS

 

Backlinks.com XSS Vulnerability

03 Sep 2014

The help-document search form on Backlinks.com does not correctly sanitise user input, allowing an XSS attack to be executed. The following symbols are converted to their URL-encoded counterparts: ‘<’, ‘>’, ‘/’. Evasion string used (before encoding): /><script>alert(/XSS/)</script>
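The ABC Mail and Backlinks.com posts above describe the same root cause: a rejected form value is reflected into the response without validation or output encoding. The block below is an added illustration, not code from this blog or from either site. It contrasts a minimal reflecting error handler with a hardened one that first validates against an allow-list and then HTML-escapes anything it echoes. The function names, the `email`/`date` field names and the validation regexes are assumptions chosen for the example.

```javascript
// Added example (not the blog's code): reflected XSS through an echoed form value.

// Escape the five characters that can change meaning in HTML text or
// quoted attribute context. This is output encoding, applied at render time.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the rejected value is interpolated verbatim into the
// error page, so a payload supplied as the "email" becomes live markup.
function renderErrorVulnerable(field, value) {
  return `<p>Invalid ${field}: ${value}</p>`;
}

// Allow-list validation for the two field types the posts mention.
// Both patterns are deliberately simple assumptions for the example.
const EMAIL_RE = /^[^\s@<>"'\/]+@[^\s@<>"'\/]+\.[A-Za-z]{2,}$/;
const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;

function validate(field, value) {
  if (field === 'email') return EMAIL_RE.test(value);
  if (field === 'date') return DATE_RE.test(value);
  return false;
}

// Hardened pattern: validate first; if the value is still shown back to the
// user, escape it so it can only ever render as text.
function renderErrorHardened(field, value) {
  if (validate(field, value)) {
    return null; // nothing to report; caller proceeds with the valid value
  }
  return `<p>Invalid ${escapeHtml(field)}: ${escapeHtml(value)}</p>`;
}

// Check used by the tests below: does the rendered page contain the payload
// as raw markup (i.e. unescaped)?
function reflectsRawMarkup(page, payload) {
  return page.includes(payload);
}

// Constructed sample input: the evasion string quoted in the Backlinks post.
const PAYLOAD = '/><script>alert(/XSS/)</script>';

// Stand-alone demonstration.
console.log('vulnerable:', renderErrorVulnerable('email', PAYLOAD));
console.log('hardened  :', renderErrorHardened('email', PAYLOAD));
console.log('valid date:', renderErrorHardened('date', '2012-11-10'));
```

The hardened version treats validation and encoding as two separate defences: validation limits what the script will accept, and escaping guarantees that whatever is reflected renders as inert text even if the validation regex is later loosened. Character-by-character filtering of a few symbols, as described for the Backlinks.com form, is not a substitute for either.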

 

Posted in XSS

 

NineMSN Flights XSS Vulnerability

10 Nov 2012

After browsing around on the NineMSN website for a little while (about 10 minutes) I found an XSS vulnerability on a very common page. The NineMSN flights page is located here: http://flights.ninemsn.com.au/ The page did not sanitise input from the depart and return inputs. The form was expecting a date but any string could…read more.

 

Posted in XSS

 

iiNet.net.au XSS Vulnerabilities

06 Oct 2012

iiNet, a major ISP in Australia, seems to be a little less secure than they claim to be. After merely searching for XSS vulnerabilities on their website for 5 minutes, I had found these two vulnerabilities: two non-persistent vulnerabilities, one surprisingly located in iiNet’s main search page. Here is the main search page vulnerability: Code:…read more.

 

Posted in XSS