Content Spoofing Vulnerability on Constantcontact.com - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner

Breaking

Content Spoofing Vulnerability on Constantcontact.com

An independent security researcher Maulik Kotak found content spoofing vulnerability on Constantcontact.com 

content spoofing is a hacking technique used to lure a user on to a website that looks legitimate, but is actually an elaborate copy.

Hackers can spoof content use dynamic HTML and frames to create a website with the expected URL and a similar appearance, and then prompts the user for personal information. 


Content spoofing is also common with email alerts, account notifications and so on. Maulik have provided the video demonstration regarding this vulnerability.
This is the original link site:

https://ui.constantcontact.com/support/login.jsp?startURL=/support/index.jsp&error.message=Your%20username%20or%20password%20did%20not%20match%20our%20records.

This is content spoofing payload link:

https://ui.constantcontact.com/support/login.jsp?startURL=/support/index.jsp&error.message=Content%20Spoofing

These are the difference between Content Spoofing and XSS

Content spoofing is an attack that is closely related to cross site scripting (XSS). While XSS uses <script> and similar techniques to run JavaScript, content spoofing uses other techniques to modify the pages for malicious reasons.

Even if XSS mitigation techniques are used within the web application, such as proper output encoding, the application can still be vulnerable to text-based spoofing attacks.




Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter

No comments:

Post a Comment