Horoscope.com XSS Vulnerable
Posted by: Super-Friez
Date: July 13, 2007 01:26PM

Yup, did a little searching around, and it turns out Horoscope.com is vulnerable to XSS attacks. Check it out.

http://my.horoscope.com/getHoroscope.asp?sign=3&day=%3Cscript%3Ealert('XSS')%3C/script%3E&month=6&year=%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ch10%3ELook!%20And%20you%20can%20even%20print%20your%20own%20text!%3C/h10%3E

I emailed them and told them, but nothing ever happened. Any advice on how to get them to patch it?

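One way the four parameters in the URL above could be handled server-side so that nothing is reflected, as an added example that is not part of the original post and not Horoscope.com's code. The numeric ranges, function names and response text are assumptions; only the query string comes from the thread.

```python
import html
from urllib.parse import parse_qs

# Query string taken from the URL in the post above.
REPORTED_QUERY = (
    "sign=3&day=%3Cscript%3Ealert('XSS')%3C/script%3E&month=6"
    "&year=%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ch10%3ELook!%20And%20you%20can"
    "%20even%20print%20your%20own%20text!%3C/h10%3E"
)

# Assumed valid ranges; the site's real rules are not shown in the thread.
RANGES = {"sign": (1, 12), "day": (1, 31), "month": (1, 12), "year": (1900, 2100)}


def parse_fields(query):
    """Allowlist check: every field must be an ASCII integer within its range.

    Returns ({name: int} for accepted fields, [names of rejected fields]).
    """
    params = parse_qs(query, keep_blank_values=True)
    accepted, rejected = {}, []
    for name, (low, high) in RANGES.items():
        raw = params.get(name, [""])[0]
        if raw.isascii() and raw.isdigit() and low <= int(raw) <= high:
            accepted[name] = int(raw)
        else:
            rejected.append(name)
    return accepted, rejected


def render(query):
    """Build the response body from validated integers only, never raw input."""
    accepted, rejected = parse_fields(query)
    if rejected:
        # Only field names are echoed, and even those are HTML-encoded.
        names = html.escape(", ".join(rejected))
        return 400, "<p>Invalid value for: " + names + "</p>"
    return 200, "<p>Horoscope for sign {sign}, {year}-{month:02d}-{day:02d}</p>".format(**accepted)


def encoded_echo(query):
    """Second layer: what each raw value looks like after output encoding."""
    return {k: html.escape(v[0], quote=True) for k, v in parse_qs(query).items()}


if __name__ == "__main__":
    print(render(REPORTED_QUERY))
    print(encoded_echo(REPORTED_QUERY)["day"])
```

Validation rejects both `day` and `year` from the reported URL, and the encoding layer shows that even a value that had to be echoed would arrive in the browser as inert text.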
Re: Horoscope.com XSS Vulnerable
Date: July 13, 2007 03:39PM

Informing sites about security holes is not worthwhile since 90%+ they will ignore you, think it's not serious or worse fix it using their limited knowledge and not really fix it. Sadly it's how the internet is. Good luck getting them to fix their problems. =o(

Re: Horoscope.com XSS Vulnerable
Posted by: id
Date: July 13, 2007 04:47PM

This belongs in full disclosure....moved

-id



Edited 1 time(s). Last edit at 07/13/2007 04:49PM by id.

Re: Horoscope.com XSS Vulnerable
Posted by: Super-Friez
Date: July 13, 2007 06:01PM

Sorry, I've only been here for a day or two.

Re: Horoscope.com XSS Vulnerable
Posted by: id
Date: July 13, 2007 08:57PM

no worries

-id
