Sony has been in the news for the past few months. Its leading Play station network was hacked and information of millions of customers was stolen. After that, Sony’s networks and sites worldwide are facing attacks and data theft are being made. Be it hacktivist group Anonymous or notorious hacking group Lulzsec, none has left Sony untouched. But after all this security breaches, Sony isn’t learning from the mistakes it made. A few days back, I was just going through Sonyericsson’s official website looking for some handsets. So just thought of doing some manual audit of the website. And believe me, even a high school kid with hacking skills can find a vulnerability in the site within a minute!
HTTP header response using my python script
And Finally the XSS !
A search box tempted me and I got the most common and most used vulnerability in web applications, Cross site scripting aka XSS. Cross site scripting or XSS is a vulnerability in web applications and websites where an attacker can execute malicious script in the website during the run time and can use the website for phishing and stealing cookies etc. The attacker can execute malicous scripts on the webiste, thus tricking users and putting up traps like ajax keyloggers etc. The site didn’t have much to search for. Though a complete audit may result in more bugs and vulnerabilities. I think now Sony must gear up now. Its better to be secure then banging head on aftermath. 
