EC-Council Found Vulnerable to 2nd XSS

Fri May 10 12:24:34 CDT 2013


EC-Council's website has been found vulnerable to a cross-site scripting (XSS) attack. This is the second instance we have seen; the first was a set of several found in December 2011. The new one was found by Rafay Baloch and Deepanker Arora, who has discovered XSS in a number of security sites. As always, there is a level of irony when a company selling certifications on hacking is exposed to such a simple vulnerability. This one is in the portal where customers log in, making it more than a pop-up trick.

https://portal.eccouncil.org/forum/login_user.asp?FID=0&Redirect=/forum/login_user.asp%22%20onmouseover=prompt%28/xss/%29%20bad=%22&ResetModules=True
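
The Redirect value in the URL above closes a double-quoted attribute and adds an event handler. The following is an added example, not EC-Council's code, showing what that value becomes when reflected with and without output encoding. It assumes the value is echoed into a hidden form field; the template functions and helper names are hypothetical.

```javascript
// Added example, not the site's code. Assumption: Redirect is echoed into a
// double-quoted HTML attribute; the real login_user.asp markup is not shown.
const reported = "https://portal.eccouncil.org/forum/login_user.asp?FID=0" +
  "&Redirect=/forum/login_user.asp%22%20onmouseover=prompt%28/xss/%29%20bad=%22" +
  "&ResetModules=True";

// Encode every character that can close an attribute value or open a tag.
function encodeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical templates: a hidden form field carrying the redirect target.
function renderUnsafe(redirect) {
  return '<input type="hidden" name="Redirect" value="' + redirect + '">';
}
function renderSafe(redirect) {
  return '<input type="hidden" name="Redirect" value="' + encodeAttr(redirect) + '">';
}

// Simplified scanner listing the attribute names present in one tag.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, "").replace(/>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Defence in depth: accept only a same-site path as a redirect target.
function isLocalPath(value) {
  return /^\/(?!\/)[A-Za-z0-9_\-.\/]*$/.test(value);
}

function analyze(url) {
  const redirect = new URL(url).searchParams.get("Redirect");
  return {
    redirect,
    unsafeAttrs: attributeNames(renderUnsafe(redirect)),
    safeAttrs: attributeNames(renderSafe(redirect)),
    acceptedByAllowlist: isLocalPath(redirect),
  };
}

console.log(analyze(reported));
```

Without encoding, the tag gains onmouseover and bad attributes; with encoding, the whole string stays inside value, and the path allowlist rejects it before it is rendered at all.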

