Posts Tagged ‘search’

CSE.UNSW.EDU.AU XSS Vulnerability

08 Sep 2014

The staff search page does not sanitise the input of the ID field allowing an XSS attack to be executed.


UNSW (CSE) XSS Vulnerability




No Comments

Posted in XSS XSS Vulnerability

03 Sep 2014

The help document search form on does not correctly sanitise user input allowing an XSS attack to be executed.

The follow symbols are converted to to their URL encoded counterparts: ‘<‘, ‘>‘, ‘/
Evasion string used (before encoding):  /><script>alert(/XSS/)</script> XSS Vulnerability

No Comments

Posted in XSS XSS Vulnerabilities

06 Oct 2012

iiNet, a major ISP in Australia seems to be a little less secure than they claim they are. After merely searching for XSS vulnerabilities on their website for 5 minutes, I had found these two vulnerabilities. Two non-persistent vulnerabilities, one surprisingly located in iiNet’s main search page.

Here is the main search page vulnerability:

iiNet Search Page XSS



This is another vulnerability on the iiNet Freezone main page:

iiNet Freezone XSS vulnerability



I have reported the above vulnerabilities to iiNet and have gotten no response. Hopefully they will fix the vulnerabilities in the near future.

No Comments

Posted in XSS