Sunday, December 20, 2009

Matasano still have a bug ?!

after the deface now is still vulnerable
Matasano Security website vulnerable to html injection and redirect



Vulnerable page:

http://chargen.matasano.com/storage/uploads/2009/cpp_xss
http://chargen.matasano.com/chargen/?currentPage=4&lol=xss
http://chargen.matasano.com/contributor/7135872xss
http://chargen.matasano.com/chargen/2006/9/6xss

Redirect poc: http://chargen.matasano.com

Iframe: http://chargen.matasano.com/storage/uploads/2009/cpp_


update: fixed :)

No comments: