search the site

Saturday, August 6, 2011

Forbes.com Vulnerable to XSS injection



One of the Leading News Company Forbes is Vulnerable. Hacker with name "B1uB3rry" expose that Forbes.com is vulnerable to possible SQL injection but confirmed to be vulnerable to Cross Site Script Injection (XSS) & HTML Injection. According to hacker "One can easily deface the website as other vulnerabilities exist.Live Example of XSS injection on Forbes . Hacker is Admin of B1uB3rry Security Team (San Antonio, TX).


Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users.


UPDATE:
Another XSS on Subdomain of Forbes. This Vulnerability also exposed by a hacker on Twitter.
 

No comments: