Reflected XSS Vulnerability In Aegis Global Website

An Information Security Expert Narendra Bhati, from Sheoganj, India has discovered Reflected Cross site scripting vulnerability in the official website of Aegis Global website(www.aegisglobal.com).

Aegis group is manufacturing and services sectors of steel, energy, power, communications, shipping ports and logistics, and construction and also he have many BPO centre in india of call centre like TATA DOCOMO

The vulnerability exists in the Search field  of the website.  Injecting the xss code in the Search box will execute successfully the injected code.

For instance, injecting the following code in the search box will display the alert box:

    "><script>alert("E Hacking News")</script>

Narendra also found that the field allows user to run the iframe code also.  So , possibly, a hacker can inject phishing page to scam innocent visitors.

    "/><iframe src="http://www.google.com" width=1000 height=1000></iframe>