[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Multiple Reflected XSS vulnerabilities in Infobae Website
From: Niemand Nie <niemand.sec () gmail ! com>
Date: 2016-05-20 23:41:40
Message-ID: CAFMd44NByescDZ1MrTj44p_bwTNBpiRFicM2j_a2=Fkn6q3ZgA () mail ! gmail ! com
[Download RAW message or body]
ADVISORY INFORMATION
===================
Title: Multiple Reflected XSS vulnerabilities in Infobae Website
Date published: 2016-20-05
Vendors contacted: No answer received
Vendors website: http://www.infobae.com/
Discovered by: Joel Noguera [Independent Security Researcher]
Severity: Medium
AFFECTED PRODUCT
===================
Infobae it is a website of a famous newspaper from Argentina. It is well
known and has thousand of readers per day.
Infobae : http://www.infobae.com/
TECHNICAL DESCRIPTION / PROOF OF CONCEPT
===================
The application does not validate correctly the URL once it is submitted
and an attacker can inject malicious javascript in the code:
The vulnerability is located in the pages:
- http://www.infobae.com/temas/[-PAYLOAD-]
- http://www.infobae.com/temas/[-PAYLOAD-]
This could be exploitable with the following examples:
- http://search.infobae.com/');alert(document.cookie);document.write('
- http://www.infobae.com/temas/');alert(document.cookie);document.write('
IMPACT
===================
Anonymous attacker can inject malicious JS code in crafted request to
hijack session
data of administrators or users of the web resource.
DISCLOSURE TIMELINE
===================
4 May - discovered vulnerability, initially notified vendor
16 May - Contacted again - no response
20 May - Check the vulnerability and it had been fixed.
20 May - Public Disclosure
DISCLAIMER
===================
The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or misuse of
this information.
CREDITS
===================
Joel Noguera as independent Security Researcher.
- Linkedin: https://ar.linkedin.com/in/noguerajoel/en
- Twitter: @niemand_sec
- Email: niemand.sec@gmail.com
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic