AOL and ASK.com vulnerable to XSS attack , found by TeamHav0k

Sponsored Links
Hacker group "TeamHav0k" discovered Cross site scripting vulnerabilities in two High profile websites; Two XSS vulnerabilities found in AOL.COM and 1 vulnerability in Ask.com.

AOL is best known for its online software suite, also called AOL, that allowed customers to access the world's largest "walled garden" online community and eventually reach out to the Internet as a whole.

Ask.com is the #1 question answering service that delivers the best answers from the web and real people - all in one place. The map application of Ask.com is vulnerable to Xss attack.

"Well i just got bored and decided to find a few more XSS for ya guys :)"TeamHav0k Member said in the pastebin release.

Poc:

http://shopping.aol.com/articles/search/?q=XSSTest--></script><script>alert(1)</script>
http://www.aol.com/?icid=aolcomlogorefresh5&dlact=XSSTest</script><script>alert("1")</script>

http://www.ask.com/maps?qsrc=2930&sa="><script>alert(String.fromCharCode(34,69,114,114,111,114,34))</script>&fa="><script>alert(String.fromCharCode(34,69,114,114,111,114,34))</script>290+Atlanta,+GA

In the past, TeamHav0k joined with Zer0Lulz team and discovered xss vulnerabilities in lot of Educational institute websites.

Category: / /

Share this with Your friends: