Julien Ahrens

Vulnerability Intel | ROP Gadget Hunter | Privacy Enthusiast | Full-time BugBounty hunter | @Hacker0x01 MVH | @SynackRedTeam member

sachsen-anhalt.de - Cross-Site Scripting Vulnerability

11 Apr 2012 » Coordinations

This time I have found a non-persistent XSS vulnerability on one of Germany’s country-government websites. Immediately after the finding (on 2012-03-11), I notified the webmaster about the vulnerability, but… no reaction. I notified them 2 further times, each time extending the number of recipients… I thought that would help in getting any reaction, but it seems that I have been a naive German citizen.

Since… at least… I do care about security, I decided to send an email to the famous German IT magazine heisec.de to increase the pressure on the webmaster to fix this issue. Praise the press: the issue is fixed now.

Now I can write a lot about my philosophy about webmasters who do not like security reports, but this is very, very annoying since many of them did not understand (yes, even after the Sony breach?!) how to react to this kind of issue.

Readme: http://security.inshell.net/advisory/14