Tuesday, April 20, 2010

Nod32 XSS Defacement

Our story is not over, and today we see how ESET treats its websites and the security of its users.
Cross-site scripting (XSS), HTML injection and open redirect vulnerabilities on eset.com, kb.eset.com and nod32.ch.

Let's see some proofs of concept and screenshots.

Redirect from eset.com to Kaspersky website POC

XSS alert on kb.eset.com POC

And sure, the famous defacement POC. Thanks to RSnake for his XSS Cheat Sheet.

Now many scammers and malicious people can take advantage: they can inject JavaScript code to redirect users to phishing scam pages. So take care!

Check my old posts about McAfee, Symantec and Trend Micro XSS defacement.


ESET Team said...

Hi, our web team appears to have resolved this.

Thank You, ESET Team

Anonymous said...


Anonymous said...

Props to ESET for looking into this issue so promptly.