Reflected XSS vulnerability in Abdul Kalam's Website

By | 05:48 Leave a Comment

Reflected XSS vulnerability in Abdul Kalam's Website


A Security Researcher from India, Girish Shrimali has discovered Cross site scripting vulnerability in the official website of an Indian scientist and administrator who served as the 11th President of India, A. P. J. Abdul Kalam.

The discovered XSS vulnerability is Reflected type, means non-persistent vulnerability and exploited via crafted url.

Normally, The Reflected  XSS are considered as low risk. Even thought the risk level is estimated as low, the attackers can redirect users to phishing or any other malicious sites.

POC:
http://www.abdulkalam.com/kalam/jsp/display_hints.jsp?menuid=22&menuname=%3Cscript%3Ealert%28%27XSS+found+by+Girish+Shrimali%27%29%3B%3C%2Fscript%3E&starts=0&ends=0


/
Newer Post Older Post Home

0 comments: