Browsed by
Month: March 2017

Never Trust Untrusted SSL Certificates, XSS in Certcc SSLCheck subdomain ?>

Never Trust Untrusted SSL Certificates, XSS in Certcc SSLCheck subdomain

In this blog post I’m going to discuss the XSS vulnerability that I found in sslcheck.certcc.ir. Certcc has developed its own SSL configuration assessment service (like SSLLabs.com). The good point about this is that websites that are only reachable from Iran’s IP addresses can be tested using this service. I was playing around with this website to see how it works in contrast to SSLLabs.com, I found out that it gives you much more options like entering ip addresses, testing…

Read More Read More