Infi-Zeal's Blog

Canadian Government under Cyber Attack The “Holy Lulz Crusade of Canada” is an operation initiated by the hackers of the  Team Dig7tal  collective, but it’s uncertain if this is a form of protest against the Canadian government or simply a way of showing that websites are highly insecure. The list of targeted sites is considerably long and if in some cases they simply unveiled the presence of cross-site scripting (XSS) and SQL Injection  vulnerabilities, in other situations they’ve leaked the information found in the databases. One of the most important websites is the National Defence and Canadian Forces ( corces.gc.ca ). They not only demonstrated that the main domain contains a number of XSS security holes, but they also showed how some of the subdomains could be breached by leveraging SQL Injections. The subdomains include  navy.forces.gc.ca  and  army.forces.gc.ca .  From the systems of the Health Council of Canada they leaked database i...

PayPal XSS- Cross Site Scripting is one of the top level vulnerabilities listed by OWASP. Today, so many websites are vulnerable to this vector. By using this vulnerability many attacks can be carried on like cookie stealing, session hijacking and so many other attacks also. This attack can be upgraded to gain some higher level of disclosure or attack if combined with  other attack vectors. Today just surfing PayPal i came to know about that even PayPal be a target for this attack. So i'm sharing this vulnerability here at Infi-Zeal Technologies Blog, with you. And this is the very basic test for XSS discovery at PayPal. Regards, CoolAv