Title : HTML Injection in Symantec.com
Vuln URL : http://www.symantec.com/business/support/index?page=content&id=
Author : Yogesh D Jaygadkar
Reported : July 02, 2012
Fixed : July 03, 2013
Public Released : July 03, 2013
OS : Win7, Win XP, Ubuntu
Description:
HTML injection is a type of attack focused upon the way HTML content is generated and interpreted by browsers at client side.so if an attacker embeds html/script tags such <html>,
<SCRIPT>, <OBJECT>, <APPLET>, or <EMBED> into a web site, the web browser's JavaScript engine will execute it.While searching about some anti-virus related information i found that Symantec Antivirus official website is vulnerable to HTML Injection. Attacker can add HTML Tags into URL to execute html code on website.
Screenshot 1 :
Screenshot 2 :
About the Author
0 comments: