PayPal XSS adventure has finally come to an end

Written by DP

Sunday, 8 July 2007

What is wrong with PayPal lately? I am a bit surprised that PayPal was until yesterday vulnerable to that XSS vuln which was submitted by 142TeeTH on the 22th of June... Until early today, no prompt action was taken whatsoever by PayPal. Discovering security vulnerabilities in the largest online payment processor was never too easy - even underestimated ones like XSS.

Just another summer XSS in Digg.com

Written by DP

Wednesday, 4 July 2007

Just another XSS vuln affecting Digg. Zuppergazi - a very active author - discovered it and notified us. Although we could not reproduce the last XSS in Digg (the reason being that it was promptly fixed), this time we were able to mirror it, and want to believe that the author has already contacted their staff in order to let them know about the issue.

PayPal is again vulnerable to XSS

Written by DP

Saturday, 23 June 2007

This is not the first time that PayPal is vulnerable to cross-site scripting... 142TeeTH has discovered and submitted to us the two XSS vulnerabilities affecting PayPal.com. According to him, PayPal's technical staff are already aware of the issues.

Orkut vulnerable to 2 user authentication issues

Written by KF

Friday, 22 June 2007

Susam Pal and Vipul Agarwal published today an interesting advisory about some vulnerabilities affecting Orkut - the famous social networking website, owned by Google. They state two things... Updated: July, 2nd 2007

XSS Assistant script for Firefox helps finding XSS holes

Written by KF

Wednesday, 16 May 2007

Sid from whiteacid.org has coded an "XSS Assistant" script for the Greasemonkey firefox extension. From its homepage: "The goal of this script is to allow users to easily test any web for cross-site-scripting flaws. The script aims to do this by providing an easy to use menu by any form. It should be noted that although I may refer only to forms for the rest of the description, the script does also allow the user to test the current variables in the url bar for cross site scripting flaws.

The dangers of "Redirect" vulnerabilities

Written by KF and DP

Sunday, 29 April 2007

Redirect vulnerabilities are scripts which allow redirecting to an external site by directly calling a specific URL. These issues are often due to incorrect input validation, but are usually seen as a feature to redirect users.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

45884 total xss 14724 special xss 3026 fixed 5328 xss onhold 2933 EW subscribers

Tweets about ""cross site scripting" OR from:xssedcom"