GIAC Cross-Site Scripting


We were contacted via Twitter about an XSS vulnerability in, a security certification company.

Was interested in GIAC certification.

Tried to search for security people who are already certified:

Typed [for phun] in the search field:
" onmouseover=alert(document.cookie) x="

Got xss'ed and left their website =)

GIAC followed-up with us via e-mail for the details on the vulnerability, which was quickly fixed.

main page ATTRITION feedback