Tuesday, 27 October 2009

Laxmibank.com XSS/SQLi vulnerability

Laxmi Bank XSS/SQLi vulnerability:

Site: www.laxmibank.com
Risk: Medium - High
Notified: YES
Action from Admin: N/A
Vulnerable file: searchpage.asp
Exploit: The search does not sanitize user input, so it is vulnerable to XSS. In addition, specially crafted SQL queries can be submitted through the search box.
Solution: sam207 has written an article on it.

Note that we notified Laxmi Bank about this a long time ago, but they didn't give us any reply and didn't update themselves.
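The flaw described under "Exploit" comes from pasting the search term into both the SQL text and the returned HTML; the remedy is a parameterized query plus output encoding. The following is an added example, not code from the site or from sam207's article. It uses Python with an in-memory SQLite table, and the schema, function names and sample rows are constructed assumptions, since the page does not show the code of searchpage.asp.

```python
import html
import sqlite3

def make_db():
    # Constructed sample table; the real site's schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?)",
                   [("Savings account",), ("O'Neil branch notice",),
                    ("100% cashback",)])
    return db

def search_unsafe(db, term):
    """'Before' form: the term becomes part of the SQL text and of the HTML."""
    sql = "SELECT title FROM pages WHERE title LIKE '%" + term + "%'"
    rows = db.execute(sql).fetchall()
    items = "".join("<li>" + r[0] + "</li>" for r in rows)
    return "<h1>Results for " + term + "</h1><ul>" + items + "</ul>"

def escape_like(term):
    # Make LIKE wildcards in the term match literally (backslash is ESCAPE char).
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search_safe(db, term):
    """Hardened form: the term is bound as data and encoded on output."""
    term = term[:100]  # bound the input length (limit is an assumed value)
    rows = db.execute(
        "SELECT title FROM pages WHERE title LIKE ? ESCAPE '\\'",
        ("%" + escape_like(term) + "%",),
    ).fetchall()
    # html.escape also encodes quotes, so values are safe in attributes too.
    items = "".join("<li>" + html.escape(r[0]) + "</li>" for r in rows)
    return "<h1>Results for " + html.escape(term) + "</h1><ul>" + items + "</ul>"

if __name__ == "__main__":
    db = make_db()
    # A perfectly ordinary surname is enough to break the concatenated query.
    try:
        search_unsafe(db, "O'Neil")
    except sqlite3.OperationalError as exc:
        print("unsafe search failed:", exc)
    print(search_safe(db, "O'Neil"))
    print(search_safe(db, "<b>x</b>"))
```

An apostrophe in a normal search term already breaks the concatenated query, which is a quick functional check for this class of bug during testing of your own application.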

1 comment:

  1. bank ones... they are quite vulnerable... why don't they just think on security?
