
MySpace gets XSSed again

Written by KF

Tuesday, 22 January 2008

Rosario Valotta sent us an interesting article about his discovery on MySpace. MySpace has launched a mobile version of its portal that lets visitors do pretty much everything, including editing their profile. However, this version does exactly the opposite of the main portal: it filters output (when printing the profile content), while the main portal filters input (when inserting or modifying profile entries).



ScanAlert's "Hacker Safe" badge not so safe and PCI compliant

Written by DP

Monday, 21 January 2008

Security analyst Russ McRee from Seattle has posted on his blog why "Hacker Safe" certified websites are not so safe. His findings contradict McAfee's statement about the service, which says of its web application scans: "the web site is then "deep crawled," including flash embedded links and password protected pages, to find forms and other potentially dangerous "interactive elements." These are then exercised in specific ways to disclose any application-level vulnerabilities such as code revelation, cross-site scripting and SQL injection..."



Skype cross-zone scripting vulnerability leads to remote code execution

Written by DP

Friday, 18 January 2008

Miroslav Lučinskij of the Lithuanian Critical Security team has shared on Full Disclosure the details of a new XSS that affects one of Skype's features: the one that allows a user to add a video to their mood status.



XSS used by phishers on an Italian Bank's website

Written by DP

Thursday, 10 January 2008

Once XSS vulnerabilities on bank websites are exploited by phishers, it is too late to undo the unwanted consequences. According to a report by Paul Mutton of Netcraft, fraudsters used a cross-site scripting vulnerability on the website of Banca Fideuram S.p.A. to spread a phishing scam aimed at stealing customers' account details.



Happy New Year 2008!

Written by DP and KF

Wednesday, 2 January 2008

Dear XSSed users,

Our best wishes for a happy, healthy, secure and prosperous new year for you and your families. :-)

Dimitris and Kevin.



XSS worm hits Orkut

Written by KF

Thursday, 20 December 2007

Yesterday, an XSS worm hit Orkut, the well-known social networking website owned by Google. According to some reports, the persistent XSS (script insertion) was found in the HTML messages feature of the "Scrapbook" page, which allows members to leave messages on someone else's profile.

