PlanetCreator has reported another critical XSS Vulnerability on classified listings site Ads.com.mm

Cross Site Scripting is a client-side attack where an attacker can craft a malicious link, containing script- code which is then executed within the victim’s browser when the target site vulnerable to and injected with XSS is viewed. The script-code can be any language supported by the browser but mostly HTML and Javascript is used along with embedded Flash, Java or ActiveX.

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Safe3 SQL Injector v5.1

Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers.

Read More

What is DNS hijacking?

DNS hijacking is the process of altering the name server records and redirecting the users to a bogus website. As everyone knows every domain name depends on its name server

Read More

Clickjacking technique called “content extraction”

Cookiejacking is a UI redressing attack that allows an attacker to hijack his victim’s cookies without any XSS. Clickjacking attacks have been widely adopted by attackers worldwide on popular websites

Read More