September 1st, 2011 
Mourad Ben Lakhoua Kaspersky Lab site is now open to XSS (cross-site scripting) attacks together with Iframe injections. This is not good for any company, especially for a company dealing with security. An XSS attack launches when a web program collects vicious data from an end-user mostly via a hyperlink that carries malicious content inside it. Thus, as [...]
July 30th, 2011 Mourad Ben Lakhoua New vulnerability has been discovered in Elgg an open-source application that helps to create social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. Well-known Organizations with networks powered by Elgg include: Australian Government, British Government, Federal Canadian Government, MITRE, The World [...]
Posted in Vulnerabilities, Vulnerabilities & attacks, Web Security 
Tags: Elgg, open source, Vulnerability, XSS, XSS Vulnerability 
3 Comments » March 29th, 2011 Mourad Ben Lakhoua New Cross-site scripting vulnerability has been detected on Facebook and widely exploited in the mobile API version, this vulnerability allows a malicious user to include JavaScript content into a website and redirect victim’s browser to the prepared URL. I have already saw this flaw in the last few days, many of my friend list are [...]
Posted in Social Networking, Vulnerabilities, Vulnerabilities & attacks, Web Security Tags: Facebook, XSS, XSS Vulnerability 48 Comments » July 4th, 2010 Mourad Ben Lakhoua XSS vulnerability in YouTube comments processing allows an attacker to execute arbitrary scripts in the security context. Go on youtube. Choose any video. Add the following script: Update (1): It is better to stay away from YouTube until they fix the vulnerability or at least logging out of YouTube if you use it. Update (2): [...]
Posted in News, Vulnerabilities, Vulnerabilities & attacks, Web Security Tags: XSS, XSS Vulnerability, YouTube 10 Comments »
