Technology Blog

Latest technology
November 1st, 2007

XSS hole in Pluralism.org

It is fixed now.

This is an XSS hole that can be used to steal cookies. I found it when I was doing a search on Pluralism.org. I am going to inform them soon, and I do have a solution for them, if they want to listen to it, that is.

Well, the hole is simple: just follow this link, and when you go there you'll see a popup saying XSS. The same thing can be modified a little and converted to a cookie stealer.

The funny thing is this loop won't cost them much, I think, but a hole is always a hole, and fixing it will be good for both the website and its visitors.

My Email to their staff:

Hi,

There is an XSS hole in your search. I have written about it on my site: http://tech36.com/blog/xss-hole-in-pluralismcom/

It can be fixed.

Regards,

Prathik.
