Author Topic: Reflected XSS Vulnerability in Crunchbase

ebenzunlimited
Reflected XSS Vulnerability in Crunchbase
« on: October 15, 2012, 02:19:53 PM »

Indian security researcher Nikhil Kulkarni has discovered a reflected cross-site scripting vulnerability in the official website of CrunchBase, a free wiki-style directory of people, technology companies, and investors.

The real name field in the User page was found to be vulnerable to an XSS attack. Nikhil immediately reported the vulnerability to TechCrunch and was told not to disclose the issue until it was rectified.

The security flaw was rectified after he reported it, but later he was still able to find XSS again, so he reported it to them again.

"And the reply I got was that earlier, when they fixed the XSS issue, they found some other code was breaking, and henceforth they had to remove the XSS prevention code," the researcher said.

The vulnerability has now been successfully fixed.