ISACA Chennai Chapter website susceptible to XSS and Information Disclosure

I was browsing through the ISACA website and incidentally arrived at the Chennai Chapter. I was surprised to see that it was vulnerable to XSS. However, it was not severe in nature and was a reflected one, but these things actually hurt the image of an organization. Moreover, it was delicately leaking internal information. This is so user-friendly that you can see the errors by clicking on the 'Show error' link.
The following are screenshots:

Cross-Site Scripting


Improper Error Handling
