Tuesday, July 3, 2012

HTML Injection in Symantec.com

Posted by Yogesh  
Tagged as:
8:03 AM




Title : HTML Injection in Symantec.com
Vuln URL : http://www.symantec.com/business/support/index?page=content&id=
Author : Yogesh D Jaygadkar
Reported : July 02, 2012
Fixed : July 03, 2013
Public Released : July 03, 2013
OS : Win7, Win XP, Ubuntu



Description:

HTML injection is a type of attack focused upon the way HTML content is generated and interpreted by browsers at client side.so if an attacker embeds html/script tags such <html>,<SCRIPT>, <OBJECT>, <APPLET>, or <EMBED> into a web site, the web browser's JavaScript engine will execute it.

While searching about some anti-virus related information i found that Symantec Antivirus official website is vulnerable to HTML Injection. Attacker can add HTML Tags into URL to execute html code on website.


Screenshot 1 :



Screenshot 2 :


0 comments:

What they says

Proudly Powered by Blogger.
back to top