PlanetCreator.Net’s Security Team Member has reported another critical XSS vulnerability on MM Search Engine http://www.yangon.com.mm
These are some information from Vulneral Site http://www.yangon.com.mm:
This vulnerability has been alerted to webmaster
Vulnerability Link is as follow http://www.yangon.com.mm/
We hope that your security staff will look into this issue and fix it as soon as possible.
Gathering information: (set) http://www.subnetonline.com/ (set) http://ping.eu/ (ping, dns_tools, traceroute, web_tools) http://serversniff.net/ (DIG / nslookup, whois, traceroute) http://networking.ringofsaturn.com/Tools/ (whois, dns_tools, service_scan, traceroute) http://centralops.net/co/DomainDossier.aspx (whois, dns_tools, domain_search) http://www.whois.ws/ (whois, dns_tools) http://www.robtex.com/ (whois)
It’s quite easy to construct a bogus login page and steal password. Let’s look at the methods used to construct a fake login screen and how hackers steal your password.
Malware authors are using IP tracking methods to deliver the latest variant of malware. It’s reported that the malware Waledec sends localized news to the victims using GeoIP technologies. The