RSS
 

iiNet.net.au XSS Vulnerabilities

06 Oct 2012

iiNet, a major ISP in Australia seems to be a little less secure than they claim they are. After merely searching for XSS vulnerabilities on their website for 5 minutes, I had found these two vulnerabilities. Two non-persistent vulnerabilities, one surprisingly located in iiNet’s main search page.

Here is the main search page vulnerability:

iiNet Search Page XSS

Code:

 

This is another vulnerability on the iiNet Freezone main page:

iiNet Freezone XSS vulnerability

Code:

 

I have reported the above vulnerabilities to iiNet and have gotten no response. Hopefully they will fix the vulnerabilities in the near future.

 
No Comments

Posted in XSS

 

Leave a Reply