XSS Everywhere – Another Full Disclosure Run

much like before with dcrab, another security researcher has decided to prove to the world what everyone knows and ignores – almost every web site has vulnerabilities, and they are being ignored.

skyout just released a list of sites which are affected by xss, in full disclosure mode:

among the sites are americanexpress.com, walmartstores.com, pcworld.co.uk, weather.com, netscape.com, thestreet.com and others. we are working to notify them and hopefully prevent some phishing. but once something is out there, it’s out there. full disclosure.

i expect we will start seeing such lists quite regularly, after all, these are everywhere.

gadi evron,

  • http://digi.whiteacid.org/ digi7al64

    Lmao – full disclosure is a good practice as it tends to help the devs prioritize their workload.

In relation to how easy this type of stuff is to do, I decided to take on myspace this morning and see if I could find an exploit to prove a point… the result: within 5 mins I had tags working with firefox.

meh – how do these ppl get programming jobs?

  • http://www.whiteacid.org Sid

    I suppose people need to start using something like the safeString class (http://www.we11er.co.uk/programming/safestring.html).

