Hacking Binom3 Electric Power Quality Meters
Found one (new) vulnerability in D-link DIR-300 router.
It is posted here:
Cross Site Scripting (XSS) in MTV website.
My first security advisory 🙂
Well, I reported XSS in Sterlite router on Feb 5, 2010.
Sterlite SAM300AX is used by broadband customers in Delhi and Mumbai, India. Given the customer base of MTNL in these 2 metro cities, this vulnerability may be extremely useful for an attacker and / or a bot herder looking for new bots.
After waiting for vendor response 2 weeks +, I decided to publish this to Full Disclosure/publicly.
Sharing the vuln POST request and parameters here:
Twitter is again in news (surprise!, anyone).
Another XSS worm hit Twitter creating (good, eh!) publicity of another portal – StalkDaily.