HTML Injection in Symantec.com

By Yogesh




Title : HTML Injection in Symantec.com
Vuln URL : http://www.symantec.com/business/support/index?page=content&id=
Author : Yogesh D Jaygadkar
Reported : July 02, 2012
Fixed : July 03, 2013
Public Released : July 03, 2013
OS : Win7, Win XP, Ubuntu



Description:

HTML injection is a type of attack focused upon the way HTML content is generated and interpreted by browsers at client side.so if an attacker embeds html/script tags such <html>,<SCRIPT>, <OBJECT>, <APPLET>, or <EMBED> into a web site, the web browser's JavaScript engine will execute it.

While searching about some anti-virus related information i found that Symantec Antivirus official website is vulnerable to HTML Injection. Attacker can add HTML Tags into URL to execute html code on website.


Screenshot 1 :



Screenshot 2 :


Comments

Post a Comment

Popular posts from this blog

Quick internet sharing - Laptop to mobile

By Yogesh
Image
Hey all, If you want to share your Laptop internet with your mobile device without using any third party tool & that too in couple of steps, yeah, very quickly ;), then follow the below given steps. Step 1. Open Command Prompt, as an Administrator, Step 2. Enter below given commands. Command 1. netsh wlan set hostednetwork mode=allow ssid=abcd key=10 Digit Key Note : ssid can be any name which will get displayed as wifi network.            Key can be any 10 Digit numbers. For Ex. 0000000000 Command 2. netsh wlan start hostednetwork Step 3. Go to the properties of your Local Area Connection which is connected to the Internet. Then Click on Sharing tab And select the check box under "Internet connection sharing". Now Select the network which we created using commands. [here, abcd ]. Click OK Done ;) Now you can Join the wifi internet from your mobile device.
Read more

PayPal : User Credit Card Information Disclosure

By Yogesh
Image
Okay... So, here is another one old & duplicate bug from PayPall , which I reported looooong back. I have found some strange results of api-3t.sandbox.paypal.com. This sub domain is storing all credit card information of paypal user in URL. Below is the google dork for finding such “stored” CC details. Google Dork: site:sandbox.paypal.com inurl:CVV2= Google results are not much, nearly 80, but still harmful as sensitive user information is getting leaked.
Read more

Password Reset Vulnerability in etsy.com

By Yogesh
Image
Title :  Password Reset Vulnerability in etsy.com Vuln URL :  https://www.etsy.com/confirm.php?email= Author : Yogesh D Jaygadkar Reported : December 30, 2012 Fixed : December 30, 2012 Public Released :  Jan 08, 2013   Description : In etsy.com, when users reset their password, they receives password reset link which is as below. https://www.etsy.com/confirm.php?email=[User Email ID]&code=[Token code]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1 When I received this mail, I started playing with this link. I noticed that token is not getting validated from server side. So I removed it & tested with my own id.  Final POC : https://www.etsy.com/confirm.php?email=[victim user's email ID]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1 And Password changed successfully.   Finally I
Read more