Date: Wed, 11 Jun 2014 12:33:19 +0200
From: "Roberto Garcia Amoriz" <>
To: <>
Subject: [FD] XSS on Samsung Site

Advisory: – Cross-Site Scripting Vulnerability (XSS)
Advisory ID: 03062014
Author: Roberto Garcia (@1gbDeInfo)
Affected Software: Successfully tested on
Vendor URL:
Vendor Status: informed and solved

Vulnerability Description

The website " " is prone to an XSS vulnerability.

This vulnerability involves the ability to inject arbitrary and unauthorized
JavaScript code. A malicious script inserted into a page in this manner can
hijack the user’s session, submit unauthorized transactions as the user,
steal confidential information, or simply deface the page.


PoC video is available at!Ot5kERSS!5If3znRA2IOnAOrMZAAnlw


  Solved, but they have not notified me of anything

Disclosure Timeline

- Report vuln Jun 03, 2014 via email to I sent a
video with the POC.
- Website revised June 10. Solved, but nobody told me.


Vulnerability found and advisory written by Roberto Garcia

Best regards.

Roberto Garcia Amoriz

Twitter: @1gbdeinfo
