
Local hacker sp4nkista found non-persistent XSS in TipidPC website


A non-persistent XSS (cross-site scripting) vulnerability has been found by a user named “sp4nkista” in TipidPC.com, the website dubbed the “Technology Powered Community”.

TipidPC is considered one of the largest IT communities in the Philippines, so this security flaw should be fixed fast.

A link provided to us by sp4nkista shows that, using a character encoding known as CharCode, the input bypasses the site's handling and forces TipidPC to run JavaScript code and some HTML tags. Inserted below is a screen grab taken after browsing the link (the hacker requested that we not fully disclose it).

[Screen grab: Local hacker sp4nkista found non-persistent XSS in TipidPC website]

The web administrator may be aware of this security glitch by now, since sp4nkista told me hours ago that he had to report the vulnerability.
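The class of bypass described above, as an added example that is not from the original post or from TipidPC's code: it assumes a hypothetical quote-stripping filter (the post does not say what filtering the site applies) and a constructed test string, and shows why such a denylist passes a CharCode-built value unchanged while HTML output encoding renders it inert. All function names are illustrative.

```javascript
// Added illustration; not TipidPC's code. The denylist filter is an assumption.

// Constructed test string: no quote characters anywhere, because the
// text is built at run time from character codes (88,83,83 = "XSS").
const SAMPLE = "<script>alert(String.fromCharCode(88,83,83))</script>";

// Hypothetical denylist: strips quotes so injected script cannot
// contain string literals. CharCode-built strings need none.
function stripQuotes(input) {
  return input.replace(/["'`]/g, "");
}

// Output encoding: every HTML metacharacter becomes an entity, so the
// browser treats the reflected value as text, never as markup.
function escapeHtml(input) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return input.replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Reflects a request parameter into a page fragment (non-persistent case).
function renderResult(query, sanitize) {
  return "<p>Results for: " + sanitize(query) + "</p>";
}

// True when the rendered fragment still carries a live script tag.
function containsActiveMarkup(html) {
  return /<script\b/i.test(html);
}

// Review helper: expands String.fromCharCode(...) calls so a log
// reviewer or filter sees the text the browser would have built.
function decodeCharCodes(input) {
  return input.replace(/String\.fromCharCode\(([\d,\s]+)\)/g, (_, list) =>
    JSON.stringify(String.fromCharCode(...list.split(",").map(Number))));
}

console.log("denylist :", renderResult(SAMPLE, stripQuotes));
console.log("encoded  :", renderResult(SAMPLE, escapeHtml));
console.log("decoded  :", decodeCharCodes(SAMPLE));
```

The fix belongs at the point of output: encode for the HTML context the value is written into, rather than trying to enumerate dangerous input characters.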

About Clifford Trigo

Hi there! I am Clifford Trigo from the island of Bohol. Come over here and let's have fun! :3 Just keep reading :D