Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Vulnerabilities in *McAfee.com
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 30 Mar 2011 13:05:42 -0400

On Wed, Mar 30, 2011 at 8:44 AM, YGN Ethical Hacker Group
<lists () yehg net> wrote:
According to xssed.com,  there are two remaining XSS issues:

https://kb.mcafee.com/corporate/index?page=content&id=";; alert(1); //
https://kc.mcafee.com/corporate/index?page=content&id=";; alert(1); //


You guys know our disclosed issues are very simple and can easily be
found through viewing HTML/JS source codes and simple Google Hacking
(http://www.google.com/search?q=%22%3C%25+Dim++site%3Adownload.mcafee.com).

However,  it was criticized as 'illegal break-in' by Cenzic's CMO,
http://www.cenzic.com/company/management/khera/,  according to Network
World News editor - Ellen Messmer.  Thus, the next target is Cenzic
web site. Let's see how strong the Kung-Fu of Cenzic HailStorm scanner
is.
Too funny.... I wonder is Aaron Barr is consulting for Cenzic.

Jeff

[SNIP]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]