Multiple Vulnerabilities on CBS Website

CBS (cbs.com) is a popular media website that has been found open to about 17 blind SQL injection vulnerabilities, in addition to several cross-site scripting (XSS) vulnerabilities that put the website's users at risk. D35m0nd142 posted his findings on Pastebin, with images showing the vulnerable URLs.

To detect these vulnerabilities, D35m0nd142 used Acunetix, one of the widely known programs for pentesting web applications. The tool lets a pentester select a target; it then scans the target and creates a report of what is vulnerable on the web application side.

[Image: Blind SQL Injection on CBS]

That these vulnerabilities were found seems to be a big weakness on the part of the security team at CBS: how did they not notice 17 bugs? Now, if you are looking for a complete solution for testing any machine, regardless of what service it is running, you need to check COREvidence.

COREvidence integrates the best tools for pentesting any application and protocol. Whether you are looking to check DNS, mail servers, web servers, workstations, virtual machines, routers, switches or anything live, just select and run. I really find it the perfect fit for any security professional, with low cost and time consumption.

I have made a previous review that you can consider while trying COREvidence.
