NineMSN Flights XSS Vulnerability

10 Nov 2012

After browsing around on the NineMSN website for a little while (for about 10 minutes) I found a XSS vulnerability on a very common page. The NineMSN flights page is located here: The page did not sanitise input from the depart and return input. The form was expecting a date but any string could…read more.

No Comments

Posted in XSS XSS Vulnerabilities

06 Oct 2012

iiNet, a major ISP in Australia seems to be a little less secure than they claim they are. After merely searching for XSS vulnerabilities on their website for 5 minutes, I had found these two vulnerabilities. Two non-persistent vulnerabilities, one surprisingly located in iiNet’s main search page. Here is the main search page vulnerability: Code:…read more.

No Comments

Posted in XSS