Author Topic: xss(cross site scripting) vulnerability on avast.com website  (Read 3256 times)

0 Members and 1 Guest are viewing this topic.

Methodman

  • Guest
xss(cross site scripting) vulnerability on avast.com website
« on: March 12, 2009, 09:26:03 PM »
hello ppl,I am Methodman from teamelite group www.nemesis.te-home.net and I want to report a new xss bug found right now on avast website.
 
vulnerable page:

Code: [Select]
http://www.avast.com/online-shop.php?backlink='"></title><script>alert(1337)</script>><marquee><h1>XSS</h1></marquee>

or: 
 
Code: [Select]
http://www.avast.com/online-shop.php?backlink="><script>alert(document.cookie)</script>

I see many others xxs reported to xxsed.com but anyone was fixed. http://www.xssed.com/archive/domain=avast.com/special=1/  Anyway for who don't know this XSS bug can be exploited by malicious people to conduct phishing attacks.This cross-site scripting issue might be leveraged by an attacker to steal cookie based authentication credentials.

best regards   /Methodman
 


« Last Edit: March 14, 2009, 08:39:41 AM by Methodman »

Offline chocholo

  • Poster
  • *
  • Posts: 645
  • BSC, GSC, MCP
    • Avast
Re: xss(cross site scripting) vulnerability on avast.com website
« Reply #1 on: March 13, 2009, 11:52:08 AM »
Thank you very much for your message, mentioned problems were fixed and we are performing a deep website code review to prevent happening this in the future. Again, thank you.

CharleyO

  • Guest
Re: xss(cross site scripting) vulnerability on avast.com website
« Reply #2 on: March 13, 2009, 08:20:50 PM »
***

Welcome to the forums, Methodman.   :)

It was very nice of you to point this out to the avast team.


***

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34001
  • malware fighter
Re: xss(cross site scripting) vulnerability on avast.com website
« Reply #3 on: March 13, 2009, 10:05:37 PM »
Hi Methodman,

Welcome to a new specialist on the forums. Maybe you can keep us informed about cross site scripting and Iframe injection with malicious intent.
There is a very sinister and destructive file infector on the loose, a new strain of virut aka Vitro, one of the infection vectors is through visiting websites that redirect to the malware. A script for webmasters to get rid of this iframe injection by David Barett can be found here:
http://www.cedit.biz/scripts/14-virusmalware-repair/25-repair-ziefpl-iframe-injection.html
If users are infected as things stand the only way to get rid of it is the FFR-solution, namely f-disk, format, re-install: http://community.ca.com/blogs/securityadvisor/archive/2009/02/09/infectious-virut-on-the-loose.aspx
Giorgio Maone the developer of the NoScript add-on in Firefox and Flock browser stated if the site where the nefarious code reside is not white listed this extension will protect us fully.
But I and many others here believe in full disclosure and that is why we invite you here to our forum with a hearty welcome,

polonus aka luntrus aka Damian
« Last Edit: March 13, 2009, 11:23:33 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!