Shreef in Life
January 05

XSS attacks through the old Adobe Reader plugin

Stefan Esser posted about a security flaw in Adobe Reader's plugin which enables XSS attacks. I was trying it with FF2.0 and Adobe Reader 8.0 but it didn't work; I just got alerted with a message saying "the operation isn't allowed". I think that this problem was fixed in Adobe Reader 8.0, as some people tried this with older versions and it just worked. Maybe these people will need to disable the use of the Adobe Reader plugin in their browsers.

December 30

Link.net's dumb security flaw

This security flaw affects LinkDSL's messaging system. You have to be a LinkDSL subscriber to try this.

LinkDSL uses a messaging system to notify its users of the day for paying bills. The message appears automatically when you try to open any web page in your browser. To read the message, you need to enter the password in the field. (They don't need a "user name", they already know you .. how??! Ask a network guy [a real one].)

Okay, now we get to the security flaw. If you go through the "I forgot my password" page, you will be asked to provide the mobile number and Tel. number which you gave to LinkDSL when you subscribed to the DSL service. You will also be asked to provide a valid email so they can send you the password. If you fill the fields with any invalid data and click the button, you will get a JavaScript alert() message telling you that this data isn't valid.

JavaScript ?!!! After seeing these JavaScript alert messages, I had to think about 2 things:

1. The submitted data was sent to the server through XHR, and the response is then displayed using alert().
2. A security-illiterate developer has embedded the Tel. and Mobile numbers in the JavaScript of this page.

I had to open the source of the page to check this myself. And oops .... I found the Tel. and Mobile numbers in the source of the page.

If you know somebody working at Link.net who can fix this, it would be nice to tell them about this flaw. I won't report this to them myself, as it looks like they don't care about the bug reports sent to them. I remember that I sent them a mail 2 months ago about a bug in another website of theirs (masrawy.com), and they didn't even reply to me, nor have they fixed the bug till now.

You can see that the attacker can't benefit from this security flaw unless he can access the computer of the victim. Then he will know some private information about the victim (Tel. #, Mobile # and DSL bills).

Happy Eid (eat a lot of meat) lol
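The flaw described in the Link.net post, shown as an added example that is not code from the original post or from Link.net: a "forgot password" page that embeds the expected numbers in its script, next to a version that checks them on the server. The subscriber record, the function names, the /forgot path and the response text are all assumptions made for illustration.

```javascript
// Constructed subscriber record; every value here is made up for this example.
const subscriber = { tel: "0225550100", mobile: "0105550199" };

// Pattern described in the post: the expected values are written into the
// page's script, so "view source" shows them to whoever opens the page.
function renderForgotPageVulnerable(sub) {
  return `<form onsubmit="return check(this)">
  <input name="tel"><input name="mobile"><input name="email">
</form>
<script>
function check(f) {
  if (f.tel.value !== "${sub.tel}" || f.mobile.value !== "${sub.mobile}") {
    alert("This data isn't valid"); return false;
  }
  return true;
}
</script>`;
}

// Hardened page: the form carries no subscriber data. It only posts what the
// user typed, and the comparison happens on the server.
function renderForgotPageHardened() {
  return `<form method="post" action="/forgot">
  <input name="tel"><input name="mobile"><input name="email">
</form>`;
}

// Strip spaces, dashes and other separators before comparing numbers.
const digits = (s) => String(s ?? "").replace(/\D/g, "");

// Server-side check (hypothetical handler). The reply body is the same on
// match and mismatch, so it does not confirm which field was right.
function handleForgot(sub, submitted) {
  const ok = digits(submitted.tel) === digits(sub.tel) &&
             digits(submitted.mobile) === digits(sub.mobile);
  return { sendMail: ok,
           body: "If the details match our records, an e-mail will be sent." };
}

// Regression check for rendered HTML: which stored fields of the record
// appear verbatim in what is sent to the browser?
function leakedFields(html, sub) {
  return Object.keys(sub).filter((k) => html.includes(sub[k]));
}
```

Running leakedFields over every page template in a test suite catches this class of leak before release.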