BrotherSoft website vulnerable to XSS Security flaw

A 21-year-old information security expert, Narendra Bhati from Sheogan, Rajasthan, has discovered a non-persistent XSS security flaw in the official website of BrotherSoft.

Narendra found that the search query field on brothersoft.com is vulnerable to an XSS attack.

BrotherSoft serves customers worldwide as one of the top 5 leading software download websites. Over 250,000 freeware and shareware titles are available for free download across 7 channels, including Windows, Mac, Mobile, etc. There are more than 10,00,000 downloads every day on their site.

PoC code:
http://search.brothersoft.com/index.php?stype=windows&keyword="><script>alert("XSS")</script>

The site also allows users to inject the iframe code:
http://search.brothersoft.com/index.php?stype=windows&keyword="/><iframe+src="http://www.indiaresults.com/"+width=1000+height=1000></iframe>
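
The two URLs above both start the keyword with a double quote followed by ">", which suggests the value is echoed into an HTML attribute without encoding. The sketch below is an added example, not code from BrotherSoft or from the original article: the template and every function name are hypothetical, and it only shows how output encoding keeps both keywords inside the attribute.

```javascript
// Added example. How the real search page builds its HTML is an assumption;
// the article only shows the two URLs, which are reused here as test input.
const POC_SCRIPT =
  'http://search.brothersoft.com/index.php?stype=windows&keyword="><script>alert("XSS")</script>';
const POC_IFRAME =
  'http://search.brothersoft.com/index.php?stype=windows&keyword="/><iframe+src="http://www.indiaresults.com/"+width=1000+height=1000></iframe>';

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Read the keyword the way a server would: percent-decoded, "+" as space.
function keywordFromUrl(url) {
  return new URL(url).searchParams.get("keyword") ?? "";
}

// Hypothetical vulnerable template: the keyword is copied in verbatim.
function renderSearchBoxUnsafe(keyword) {
  return `<input type="text" name="keyword" value="${keyword}">`;
}

// Hardened template: the keyword is encoded for the HTML attribute context.
function renderSearchBoxSafe(keyword) {
  return `<input type="text" name="keyword" value="${escapeHtml(keyword)}">`;
}

// Count tag openers/closers; the template itself contributes exactly one.
function countTags(html) {
  return (html.match(/<\/?[a-z]/gi) || []).length;
}

for (const url of [POC_SCRIPT, POC_IFRAME]) {
  const keyword = keywordFromUrl(url);
  console.log("unsafe tags:", countTags(renderSearchBoxUnsafe(keyword)));
  console.log("safe tags:  ", countTags(renderSearchBoxSafe(keyword)));
  console.log(renderSearchBoxSafe(keyword));
}
```

With encoding applied, the keyword is displayed back to the user as text in the search box and the page gains no new elements.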

He also noticed that the Privacy Policy page of BrotherSoft is also vulnerable to XSS. Narendra claimed that he reported the vulnerability to BrotherSoft 4 days ago, but they failed to respond.


About Author

, founder of E Hacking News, an Information Security enthusiast who has more interest in PenTesting and Malware analysis. You can find him on Google+ Profile , Twitter and Facebook.