Hey, According to Alexa, Ask.com <http://www.alexa.com/siteinfo/ask.com> ranks 58th in the world. It is a highly popular search engine for web sites, images, news, blogs, videos, local search and shopping. Their users are susceptible to cross-site scripting<http://www.ask.com/q/What-is-Cross-Site-Scripting>(XSS) and phishing attacks, as reported by security researcher Azat Harutyunyan. <http://www.xssed.com/archive/author=Azat%20Harutyunyan/>
Malicious users are able to exploit the XSS<http://www.ask.com/ans?qsrc=2900&o=102140&l=dir&q=What+is+XSS&search=search>vulnerability, allowing them to compromise the security of targeted client computers and consequently whole networks, just by launching a sophisticated phishing attack that is aided by a malicious JavaScript. They could also exploit the allowed frame redirection in order to point phishing victims to a fake Ask.com page and ask them to input sensitive information or download a malicious fake Ask.com toolbar. *Ask.com Frame Redirect/XSS mirrors:* www.ask.com Frame Redirect <http://www.xssed.com/mirror/67044> city.ask.com Frame Redirect <http://www.xssed.com/mirror/67045/> int.ask.com Frame Redirect <http://www.xssed.com/mirror/67046/> secure.sponsoredlistings.ask.com XSS on SSL page<http://www.xssed.com/mirror/61131/> mws.ask.com XSS <http://www.xssed.com/mirror/67047/> it.ask.com XSS <http://www.xssed.com/mirror/62976/> vulnerability notified by XaDoS <http://www.xssed.com/archive/author=XaDoS/> Source: http://www.xssed.com/news/105/Critical_Ask.com_frame_redirect_and_XSS_security_issues/ Regards, 0xN41K -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
