Monday, August 9, 2010

Symantec website still vulnerable to XSS


Maybe someone is already tired of seeing a new XSS bug on the Symantec website on my blog every week, but this is not my fault if their sites still suck. Anyway... we hope that this is the last :)

PoC:

http://www.symantec.com/avcenter/cgi-bin/nisurl.cgi?lang=fr&unblock=XSS

http://seer.entsupport.symantec.com/email_forms/site_feedbck.asp?ddProduct=XSS





Redirect and HTML injection also work fine.

2 comments:

thetestmanager said...

"..we hope that this is the last :) "

Nope, it's not.

I'll post the link tomorrow

TheTestManager said...

OK, posted it.

http://www.thetestmanager.com/blog/2010/08/10/full-disclosure-symantec-website-vulnerable-to-xss/