Nepal Telecom's search feature vulnerable to XSS

A very interesting XSS injection in the search feature of our very own trusted website which, if you are dumb enough, can make you divulge your Hotmail address and password. This is a complete rip-off from the Nepali security Google group. I am in no way the author of this particular exploit.

Just reporting the issue. This particular example highlights the need for awareness about XSS amongst internet users.

Click to see the XSS at work.

If you people want to play safe, please download the Firefox browser to surf the
internet and then install an extension to your browser called "NoScript". One can
never expect 100% safety in the online world, but this move will make you
considerably safer and you won't regret it, I promise.

You can download this add-on either from the extensions page from Mozilla
or from a freeware site, and it will stop the XSS-injected link if the authentic-looking link tries to trick you.
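
A link can look authentic because it points at a trusted host while the injected markup rides in the search parameter. The sketch below is an added example, not code from the original post or from NoScript; the host name, parameter name and sample links are constructed, and the patterns are a simple heuristic that will miss some encodings and flag some harmless values.

```javascript
// Constructed example: flag links whose query parameters carry HTML or script markup.
// Host and parameter names used with it are placeholders, not taken from the post.
const MARKUP_PATTERNS = [
  /<\s*\/?\s*(script|form|iframe|img|svg|input|object|embed)\b/i, // injected elements
  /\bon[a-z]+\s*=/i,   // inline event handlers such as onerror=
  /javascript\s*:/i,   // javascript: URLs
];

// Decode repeatedly so double-encoded markup (for example %253Cform) is still seen.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      break; // malformed escape sequence: keep what has been decoded so far
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns the host the link really points at plus any parameters carrying markup.
function inspectLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { host: null, suspicious: true, findings: [{ param: null, value: "unparseable URL" }] };
  }
  const findings = [];
  for (const [param, raw] of url.searchParams) { // searchParams decodes one layer
    const value = fullyDecode(raw);
    if (MARKUP_PATTERNS.some((pattern) => pattern.test(value))) {
      findings.push({ param, value });
    }
  }
  return { host: url.hostname, suspicious: findings.length > 0, findings };
}

// Constructed sample links on a placeholder host.
const plain = inspectLink("https://search.example.test/results?q=prepaid+sim+price");
const injected = inspectLink("https://search.example.test/results?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E");
console.log(plain.suspicious, injected.suspicious, injected.findings);
```

Both sample links share the same trusted-looking host; only the decoded query string separates them.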

Here goes the link to see what you have entered.
