Author Topic: Reflected XSS Vulnerability in Crunchbase  (Read 496 times)


Offline ebenzunlimited

Reflected XSS Vulnerability in Crunchbase
« on: October 15, 2012, 02:19:53 PM »

Indian security researcher Nikhil Kulkarni has discovered a reflected cross-site scripting vulnerability in the official website of CrunchBase, a free wiki-style directory of people, technology companies, and investors.

The real name field on the user page was found to be vulnerable to XSS attack. Nikhil immediately reported the vulnerability to TechCrunch and was told not to disclose the issue until it was rectified.

The security flaw was rectified after he reported it, but he was later able to find the XSS again, so he reported it to them again.

"And the reply I got was that earlier, when they fixed the XSS issue, they found some other code was breaking and henceforth they had to remove the XSS prevention code," the researcher said.

The vulnerability has now been successfully fixed.