Showing posts from October, 2009

Netcraft toolbar detects XSS

I installed the Netcraft toolbar a few times back just to be able to detect phishing sites. It also gives you information about the site you are visiting, like its risk rating, when it was started, its popularity rank, and the country it originates from.

But to my surprise it was quite useful in detecting XSS too. I was visiting a site in which I had previously detected an XSS issue. As soon as the page loads, the Netcraft toolbar throws a message:
"The Page you are trying to visit is using Cross-Site Scripting(XSS).This is commonly used in Phishing Attack.Do you still want to go there?"

and then the site is categorized as a phishing site.
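The toolbar warning above fires when a URL carries a script payload that the page echoes back unescaped. The following is an added example, not Netcraft's code or anything from the original post: a small heuristic that flags query parameters whose tag-bearing values are reflected verbatim in the response body, run against a constructed search page rendered once without output encoding and once with it. The host, parameter names and page markup are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlparse

# A value that carries an HTML tag is treated as active content, not plain text.
TAG_PATTERN = re.compile(r"<\s*/?\s*[a-zA-Z]")


def reflected_params(url: str, body: str) -> list:
    """Names of query parameters whose tag-bearing values appear verbatim in body.

    A value that reaches the page only in its HTML-escaped form (&lt;script&gt;)
    is not reported, because the server has neutralised it.
    """
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    hits = []
    for name, values in query.items():
        if any(TAG_PATTERN.search(v) and v in body for v in values):
            hits.append(name)
    return sorted(hits)


def toolbar_verdict(url: str, body: str) -> str:
    """Mimic the toolbar: warn when at least one parameter is reflected raw."""
    return "warn" if reflected_params(url, body) else "ok"


# Constructed sample: a search page that echoes ?q= back into the HTML (hypothetical host).
SAMPLE_Q = "<script>alert(1)</script>"
SAMPLE_URL = "http://search.example.test/find?q=%3Cscript%3Ealert(1)%3C/script%3E&page=2"


def render_unsafe(q: str) -> str:
    """Vulnerable rendering: the parameter is concatenated into markup untouched."""
    return f"<html><body><p>Results for {q}</p></body></html>"


def render_safe(q: str) -> str:
    """Hardened rendering: HTML-escape the value before it enters the document."""
    return f"<html><body><p>Results for {html.escape(q, quote=True)}</p></body></html>"


if __name__ == "__main__":
    for renderer in (render_unsafe, render_safe):
        body = renderer(SAMPLE_Q)
        print(renderer.__name__, toolbar_verdict(SAMPLE_URL, body), reflected_params(SAMPLE_URL, body))
```

The unsafe page trips the warning on `q` while the escaped page passes, which is the same difference the toolbar is reacting to when it labels a reflected-XSS URL as phishing.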

ISACA Chennai Chapter website susceptible to XSS and Information Disclosure

I was browsing through the ISACA website and incidentally arrived at the Chennai Chapter. I was surprised to see that it was vulnerable to XSS. It was not severe in nature and was a reflected one, but these things actually hurt the image of an organization. Moreover, it was delicately leaking internal information. It is so user friendly that you can see the errors by clicking on the 'Show error' link.
The following are the screenshots:

Cross-Site Scripting

Improper Error Handling