
XSS Vulnerability in Amazon website, found by Fabian Cuchietti

Security researcher Fabian Cuchietti discovered an XSS vulnerability in the Amazon Web Services(


It seems that the vulnerability has been fixed by the vendor: the admin managed to filter HTML code by converting it to HTML special characters. Anyway, we are able to retrieve the mirror of the vulnerability from 

Mirror is available here:

Screenshot of the vulnerability

XSS vulnerability found in Skype, F-Secure and McAfee websites

After an interesting XSS find in Kevin Mitnick's site, security researcher Fabián Cuchietti has come up with more interesting finds. This time he discovered XSS vulnerabilities in the Skype, McAfee and F-Secure websites.

The Phorm page of Skype is vulnerable to cross-site scripting.



The XSS vulnerabilities discovered on these sites could allow an attacker to steal cookies if he manages to convince users to click on a specially crafted link.

XSS vulnerability found in Kevin Mitnick's website by Fabián Cuchietti

Kevin Mitnick, the legend of social engineering, was the most-wanted computer criminal in the United States and now works as a security consultant. The website belonging to Mitnick was found to be vulnerable to cross-site scripting (XSS).

Vulnerability Details:
  • Target:  MitnickSecurity
  • Vulnerable Link :
  • Vulnerable Field : strEmail 
  • POC: /"><iframe onload=alert(document.cookie)>
The above-mentioned vulnerability was found by security researcher Fabián Cuchietti. Recently Cuchietti also discovered an XSS vulnerability in the Ferrari website.

XSS vulnerability in Ferrari Website, found by @FabianCuchietti

Security researcher Fabian Cuchietti has discovered a cross-site scripting vulnerability in the Ferrari website. Ferrari S.p.A. is an Italian sports car manufacturer based in Maranello, Italy. It was founded by Enzo Ferrari in 1929 as Scuderia Ferrari.

?k="><script>alert('Ferrari XSS - @FabianCuchietti')</script>

eBuddy Official Website vulnerable to Cross-site scripting

A security analyst known as Fabián Cuchietti discovered a cross-site scripting (XSS) vulnerability in the official website of eBuddy.

eBuddy Web Messenger is a web-based instant messaging service that allows users to chat online with friends on MSN, Yahoo, AIM, ICQ, GTalk, Facebook and MySpace IM.

The email unsubscribe page of the eBuddy website was found to be vulnerable to XSS: the mail address field is the vulnerable input.
