FileHippo Vulnerable to XSS flaw found by Security researcher

A Pakistani Security Researcher Ali Hasan Ghauri - founder of AHPT has discovered XSS Vulnerability on Filehippo.com main site. Vulnerability still exists

Security Researcher told The Hackers Post that In December 2012, the Filehippo entire domain was vulnerable and reported XSS flaw to Filehippo team but did not get any response from the company, so i decided to make it public.

Last time we published news of W3Schools vulnerable to same XSS flaw reported by the security researcher.

[#] - Website:
                    http://www.sify.com

[#] - Vulnerable link (POC):
                   http://www.filehippo.com/it/download_ccleaner/%27%22-%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%28%22XSS%20By%20Ali%20Hasan%20Ghauri%22%29%3C/script%3E

[#] - Vulnerability Type: 
                   XSS (Cross Site Scripting)

[#] - Status:
                   Not Fixed [Critical]

[#] -  Tested on:
                  Firefox 18.0.1

The Youngest Pakistani Security Researcher “Ali Hasan Ghauri” (AHPT) also Found Vulnerabilities on Big Tech Sites on Skype , Adobe, Asia Cnet, Yellowpages, visualstudiomagazine ,Filehippo ,CnetDownloads, US.Acer, W3Schools, Hamariweb & Many More.

About Filehippo:

FileHippo is an Internet download website that offers open source, freeware, and shareware programs for Windows. It does not accept user uploaded files.The website also offers its own software, FileHippo Update Checker, a free program that scans a computer and then reports out-dated software in a web-page, offering links to updated versions.
According to Quantcast, FileHippo receives more than three million US visitors each month and Alexa lists FileHippo among the 700 most visited websites worldwide.

More News of XSS flaw can be found here.

email