Saturday 16 November 2013

Net Protector XSS Content Spoofing Antivirus .Net Protector Anti VirusXSS And Content Spoofing Vulnerability



 Net Protector Anti Virus XSS And Content Spoofing Vulnerability ( Net Protector XSS Content Spoofing Antivirus)

No 1 Anti Virus In India "Net Protector Anti Virus XSS And Content Spoofing Vulnerability" ( Lol ) 




Hello all this post is about "Net Protector Anti Virus XSS And Content Spoofing Vulnerability"


while searching looking into site i had found that on the the network manager log in page

Net protector is using a parameter called "txtMsg="







this is parameter is using for displaying a text message if user enter an invalid login details

so check this for content spoofing

txtMsg=Content Spoofing In NPAV





Bingoo

I got the reflection in web page so as usually i tried it for XSS Vulnerability 

So i inputed this java script code there and Booom I Got XSS 


<script>alert("XSS In Net Protector By Bhati")</script>




I am also able to access cookies as well as iframe




POC Video




I have reported this vulnerability to their team by email , calls etc.

but they reply me only once and said we will look into this .. now its 1 month gone but the vulnerability is still their so i decided to post a article about this Net Protector Anti Virus XSS And Content Spoofing Vulnerability ..

Please give your suggestion and guidance :-) 


Thank You 



No comments:

Post a Comment