Monday, January 14, 2008

My first XSS published

Yeah, finally an XSS bug I found has been published on xssed.com! Actually, after stumbling upon this site in late 2007, I had been submitting quite a few bugs discovered while wandering the wilderness, but this is the first one published so far. I wonder what happened to the others - were they not important enough to be there, or were the admins just too busy to process all the submissions? But anyway, I'll keep submitting bugs I have found - for a better digital world :)

Believe it or not, since I gained "underground" knowledge about internet security, I have been seeing vulnerabilities everywhere. Like, out of 10 websites I visited, 5 were vulnerable to XSS or SQL injection, 2 had other bugs that surely made them insecure, and 3 had bugs that had been/would be discovered (and exploited) by someone other than me. And most of the time my emails to the webmaster went to /dev/null. Not to mention the fact that only a few webmasters were capable of fixing them the right way.

Now with xssed, hopefully my bug reporting will become more effective. And I wonder if there are any other sites like that where I can submit SQL injection vulnerabilities and other bugs too.