Topic: Reflected XSS Vulnerability in Crunchbase


ebenzunlimited (Lead Admin)
Reflected XSS Vulnerability in Crunchbase
« on: October 15, 2012, 02:19:53 PM »

Indian security researcher Nikhil Kulkarni has discovered a reflected cross-site scripting vulnerability in the official website of CrunchBase, a free wiki-style directory of people, technology companies, and investors.

The real name field on the User page was found to be vulnerable to an XSS attack. Nikhil immediately reported the vulnerability to TechCrunch and was told not to disclose the issue until it was rectified.

The security flaw was rectified after he reported it, but later he was still able to find the XSS again, so he reported it to them again.

"And the reply I got was that earlier, when they fixed the XSS issue, they found some other code was breaking, and henceforth they had to remove the XSS prevention code," the researcher said.

The vulnerability has now been successfully fixed.
Insane I Lived♥ Sane I Died♥

