Just another summer XSS in Digg.com

Written by DP

Wednesday, 4 July 2007

Just another XSS vuln affecting Digg. Zuppergazi - a very active author - discovered it and notified us. Although we could not reproduce the last XSS in Digg (the reason being that it was promptly fixed), this time we were able to mirror it, and want to believe that the author has already contacted their staff in order to let them know about the issue.



PayPal is again vulnerable to XSS

Written by DP

Saturday, 23 June 2007

This is not the first time that PayPal has been vulnerable to cross-site scripting... 142TeeTH has discovered and submitted to us two XSS vulnerabilities affecting PayPal.com. According to him, PayPal's technical staff are already aware of the issues.



Orkut vulnerable to 2 user authentication issues

Written by Kevin Fernandez

Saturday, 23 June 2007

Susam Pal and Vipul Agarwal today published an interesting advisory about some vulnerabilities affecting Orkut - the famous social networking website, owned by Google. They state two things...

Updated: July 2nd, 2007



XSS Assistant script for Firefox helps finding XSS holes

Written by Kevin Fernandez

Wednesday, 16 May 2007

Sid from whiteacid.org has coded an "XSS Assistant" script for the Greasemonkey Firefox extension. From its homepage: "The goal of this script is to allow users to easily test any web for cross-site-scripting flaws. The script aims to do this by providing an easy to use menu by any form. It should be noted that although I may refer only to forms for the rest of the description, the script does also allow the user to test the current variables in the url bar for cross site scripting flaws.



The dangers of "Redirect" vulnerabilities

Written by Kevin Fernandez and Dimitris Pagkalos

Sunday, 29 April 2007

Redirect vulnerabilities arise in scripts that redirect the visitor to an external site when a specific URL is called directly. These issues are often due to incorrect input validation, but are usually seen as a feature for redirecting users.



New section available: TOP XSS by Pagerank

Written by Kevin Fernandez

Thursday, 26 April 2007

As you have probably noticed, a new section is now available on XSSed: the "TOP pagerank" - or top traffic rank - which includes the list of the top 300 sites with XSS. We encourage everybody to find XSS or other vulnerabilities affecting the users of the most visited web sites in order to secure them. This will prevent users from falling victim to XSS or phishing attacks.


