Wednesday, September 20, 2006

Danger! DOT GR XSS Detected!

It has come to my attention that a major website, here in Greece, is vulnerable against XSS attacks. I would expect something better from these guys. That site, which I do not intend to reveal for obvious reasons, is actively present in the IT market and one would think it employeed trained professionals. Yet, right there in the front page a huge exploit relies. I haven't done any serious digging but I expect to find more oversights.

As I've written before, XSS (aka Cross Site Scripting) is happening right now while not only programmers but security experts haven't even heard of it. Eventually they'll get to know it the hard way I guess.

No comments: