Anant Shrivastava updated his status.


#TECHALERT #RANDOMRAMBLING Today’s story From Ah to Ouch.

Ah a new Security company,

Let's look at their website,

Site looks clean and familiar,

oh they use WordPress,

oh they use prettyphoto,

oh they have not updated prettyphoto.

Ouch they have XSS.

Big ouch they claim to give community “Metasploit Unleashed”. (False claim. Metasploit Unleashed is created by Offensive Security)

Not exactly sure what to do.

Note: I am not going to disclose the company name via any channel, so please don’t ask. I don’t want to give them any further traffic than what they have already got.

BTW if you are using Jquery.prettyphoto.js in any of your websites you might want to read https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto