Posted by: Ham JavaNet, Thursday, 21 February 2013


Pakistani security researcher Ali Hasan Ghauri, founder of AHPT, has discovered an XSS vulnerability on the Filehippo.com main site. The vulnerability still exists.


The security researcher told The Hackers Post that in December 2012 the entire Filehippo domain was vulnerable and that he reported the XSS flaw to the Filehippo team but did not get any response from the company, so he decided to make it public.

Last time we published news of W3Schools being vulnerable to the same XSS flaw, reported by the security researcher.


[#] - Website:
                    http://www.sify.com

[#] - Vulnerable link (POC):
                   http://www.filehippo.com/it/download_ccleaner/%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%28%22XSS%20By%20Ali%20Hasan%20Ghauri%22%29%3C/script%3E

[#] - Vulnerability Type: 
                   XSS (Cross Site Scripting)

[#] - Status:
                   Not Fixed [Critical]

[#] -  Tested on:
                  Firefox 18.0.1
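The path segment in the PoC above decodes to a string that opens with `'"--></style></script>` before its `<script>` element. The following is an added example, not code from Filehippo or from the researcher: it decodes the PoC path and renders it into a hypothetical page template (the template and all function names are assumptions) first with raw interpolation and then with one encoder per output context.

```python
import html
import json
from urllib.parse import quote, unquote, urlsplit

# PoC URL exactly as listed on this page.
POC = ("http://www.filehippo.com/it/download_ccleaner/"
       "%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3E"
       "alert%28%22XSS%20By%20Ali%20Hasan%20Ghauri%22%29%3C/script%3E")

# Hypothetical page (assumption): the request path is echoed into an
# attribute, into body text and into an inline script string.
TEMPLATE = ('<a href="/it/download_ccleaner/{attr}">retry</a>\n'
            '<p>No such page: {body}</p>\n'
            '<script>var page = {js};</script>\n')

def reflected_value(url):
    """Decode the path and return the part after the real page name."""
    path = unquote(urlsplit(url).path)
    return path.split("/download_ccleaner/", 1)[1]

def render_unsafe(value):
    # Raw interpolation: ' and " end an attribute, --> ends a comment,
    # </style> and </script> end raw-text elements, then markup follows.
    return TEMPLATE.format(attr=value, body=value, js='"%s"' % value)

def js_string(value):
    # JSON gives a valid JS string literal; escaping <, > and & as well
    # keeps "</script>" and "<!--" out of the inline script block.
    lit = json.dumps(value)
    for ch in "<>&":
        lit = lit.replace(ch, "\\u%04x" % ord(ch))
    return lit

def render_safe(value):
    # One encoder per output context.
    return TEMPLATE.format(
        attr=html.escape(quote(value), quote=True),  # URL path, then HTML
        body=html.escape(value, quote=True),         # HTML text
        js=js_string(value))                         # JS string literal

if __name__ == "__main__":
    v = reflected_value(POC)
    print(render_unsafe(v))
    print(render_safe(v))
```

In the unsafe rendering the reflected value contributes a live `<script>` element in each of the three positions; in the safe rendering the only `<script>` element left is the template's own.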

The youngest Pakistani security researcher, "Ali Hasan Ghauri" (AHPT), has also found vulnerabilities on big tech sites such as Skype, Adobe, Asia Cnet, Yellowpages, visualstudiomagazine, Filehippo, CnetDownloads, US.Acer, W3Schools, Hamariweb and many more.

About Filehippo:

FileHippo is an Internet download website that offers open source, freeware, and shareware programs for Windows. It does not accept user-uploaded files. The website also offers its own software, FileHippo Update Checker, a free program that scans a computer and then reports outdated software in a web page, offering links to updated versions.
According to Quantcast, FileHippo receives more than three million US visitors each month and Alexa lists FileHippo among the 700 most visited websites worldwide.



Description: FileHippo Vulnerable to XSS flaw found by Security researcher