Net Protector Anti Virus XSS And Content Spoofing Vulnerability ( Net Protector XSS Content Spoofing Antivirus)
No 1 Anti Virus In India "Net Protector Anti Virus XSS And Content Spoofing Vulnerability" ( Lol )
Hello all this post is about "Net Protector Anti Virus XSS And Content Spoofing Vulnerability"
while searching looking into site i had found that on the the network manager log in page
Net protector is using a parameter called "txtMsg="
this is parameter is using for displaying a text message if user enter an invalid login details
so check this for content spoofing
txtMsg=Content Spoofing In NPAV
Bingoo
I got the reflection in web page so as usually i tried it for XSS Vulnerability
So i inputed this java script code there and Booom I Got XSS
<script>alert("XSS In Net Protector By Bhati")</script>
I am also able to access cookies as well as iframe
POC Video
I have reported this vulnerability to their team by email , calls etc.
but they reply me only once and said we will look into this .. now its 1 month gone but the vulnerability is still their so i decided to post a article about this Net Protector Anti Virus XSS And Content Spoofing Vulnerability ..
Please give your suggestion and guidance :-)
Thank You
No comments:
Post a Comment