Nepal Telecom XSS vulnerability:
Site: www.ntc.net.np
Risk: Low
Notified: YES
Action from Admin: N/A
Vulnerable file: /search/searchresult.php
Exploit: The search doesn't sanitize the input from user. So it suffers from XSS.
Solution: sam207 has written an article on it.
More message to NTC, you are open to a lot of problems. We got all the PSTN Bank user logins(we also know where to login from) and what's the point of putting phpinfo() online. We grabbed the PHP information from NTC. Also, why would you like to put apache manual on the website (though isn't a potential risk). Contact us if you want to know more vulnerabilities I think I shouldn't discuss over here.
Thank you.
Showing posts with label nepal telecom. Show all posts
Showing posts with label nepal telecom. Show all posts
Tuesday, 27 October 2009
Subscribe to:
Posts (Atom)