Laxmi Bank XSS/SQLi vulnerability:
Site: www.laxmibank.com
Risk: Medium - High
Notified: YES
Action from Admin: N/A
Vulnerable file: searchpage.asp
Exploit: The search does not sanitize user input, so it is vulnerable to XSS. Moreover, specially crafted SQL queries can be run through the search box.
Solution: sam207 has written an article on it.
Note that we notified Laxmi Bank about this a long time ago, but they have not replied to us or updated the site.
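One way to handle a search box so that the term is never interpreted as SQL or as HTML, given as an added example that is not code from this post or from the bank's site. It uses Python with an in-memory SQLite database in place of the site's ASP page; the table, rows and function names are constructed for illustration.

```python
import html
import sqlite3

MAX_TERM = 100  # assumed cap on search-term length


def make_db():
    # Constructed sample data standing in for the site's searchable content.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (title TEXT, body TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)", [
        ("Savings accounts", "Interest rates for savings"),
        ("Loans", "Home and auto loans"),
        ("100% online", "Open an account online"),
    ])
    return db


def escape_like(term):
    # Escape LIKE metacharacters so '%' and '_' in the input match literally.
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search(db, term):
    # The term travels as a bound parameter, never as part of the SQL text,
    # so quotes and comment markers in it are plain data.
    term = term.strip()[:MAX_TERM]
    if not term:
        return []
    pattern = "%" + escape_like(term) + "%"
    rows = db.execute(
        "SELECT title FROM pages WHERE title LIKE ? ESCAPE '\\' ORDER BY title",
        (pattern,),
    ).fetchall()
    return [r[0] for r in rows]


def render(term, titles):
    # Encode everything echoed back into the page, including the search term
    # itself, so markup in the input is displayed rather than executed.
    safe_term = html.escape(term, quote=True)
    items = "".join("<li>" + html.escape(t, quote=True) + "</li>" for t in titles)
    return "<p>Results for &quot;" + safe_term + "&quot;</p><ul>" + items + "</ul>"


if __name__ == "__main__":
    db = make_db()
    print(render("loan", search(db, "loan")))
```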
Tuesday, 27 October 2009
Laxmibank.com XSS/SQLi vulnerability
bank ones... they are quite vulnerable... why don't they just think on security?