Posts Tagged ‘subscription’

Mashable XSS Vulnerability

08 Sep 2014

The Mashable subscription script has a flaw where it doesn’t properly sanitize the email field, allowing an invalid email address to be displayed directly on an error page.

This oversight can be exploited by injecting malicious code into the email field, potentially leading to a Cross-Site Scripting (XSS) attack. For instance, an attacker could create a URL that runs harmful JavaScript in the user’s browser, opening the door to session hijacking, data theft, or other malicious activities.

To prevent issues like this, it’s essential for developers to validate and sanitize all user inputs. In this case, ensuring that the email input is properly filtered and encoded before it’s shown on the error page would block XSS attacks.


Vulnerable url:


Posted in XSS

 

ABC Mail XSS Vulnerability

08 Sep 2014

The ABC Mail subscription script neither sanitizes the email field nor checks that a valid email address was provided. An attack is easy to carry out because the unsanitized "invalid email" value is printed verbatim on the resulting error page.
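Both the Mashable and ABC Mail posts describe the same reflected XSS pattern: a subscription form echoes an invalid email value into its error page without validating or encoding it. The following added example (not code from either site; the email pattern and page templates are constructed for illustration) shows the flawed reflection beside the hardened version that validates first and HTML-encodes anything it reflects:

```python
import html
import re

# Conservative e-mail pattern: local part, "@", dotted domain. A constructed
# check for this example; production code should use a vetted validator.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def is_valid_email(value: str) -> bool:
    """Return True only for inputs that look like a plain e-mail address."""
    return bool(EMAIL_RE.fullmatch(value.strip()))


def error_page_unsafe(email: str) -> str:
    """The flawed pattern both posts describe: the submitted value is reflected
    into the error page verbatim, so any markup in it becomes part of the DOM."""
    return f"<p>Sorry, '{email}' is not a valid e-mail address.</p>"


def error_page_safe(email: str) -> str:
    """Hardened form: the value is HTML-encoded before it is written into the
    page, so the browser treats it as text rather than markup."""
    shown = html.escape(email, quote=True)
    return f"<p>Sorry, '{shown}' is not a valid e-mail address.</p>"


def handle_subscription(email: str) -> str:
    """Validate first; only on failure reflect the (encoded) input back."""
    if is_valid_email(email):
        return "<p>Thanks, you are subscribed.</p>"
    return error_page_safe(email)


if __name__ == "__main__":
    # Constructed input containing markup, standing in for a crafted field value.
    submitted = "<b>not-an-address</b>"
    print(error_page_unsafe(submitted))    # markup survives: the XSS sink
    print(handle_subscription(submitted))  # markup is neutralised
```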

Code:


Posted in XSS