Tuesday, April 20, 2010
Nod32 XSS Defacement
Our story is not over, and today we see how ESET treats its websites and the security of its users.
Cross-site scripting (XSS), HTML injection and open redirect vulnerabilities on eset.com, kb.eset.com and nod32.ch.
Let's see some proofs of concept and screenshots.
Redirect from eset.com to Kaspersky website POC
XSS alert on kb.eset.com POC
And sure, the famous defacement POC, thx RSnake for his XSS Cheat Sheet
Now many scammers and malicious people can take advantage: they can inject JavaScript code to redirect users to phishing scam pages. So take care!
Check my old posts about McAfee, Symantec and Trend Micro XSS defacement.