Mobilkom Austria XSSes

[bosti.be () hush com]

G'Day Ladies and Gents,

it has been already over 3 weeks now, since they've told me they're 
going to fix this flaws, as soon as they've resolved more important 
tasks... I think they had enough time, so here is my first 
disclosure.


Just a little, not that important non-persistent XSS. Cookie 
hijacking possible:

http://www.a1.net/forum/?module=mkaSearch&action=search&wo=-
1&search_eforum=<img src=http://wtfhub.com/wp-
content/uploads/2010/12/y-u-no-template1.jpg>

===========================

It gets funnier. They even DO allow HTML in a posting or thread. 

http://www.a1.net/forum/mkaPosts/insert/2207.page

Proof: http://i.imgur.com/0h5IM.jpg


===========================


As you can see in the Screenshot, they even allow HTML in your 
Signature. 

And yet another non-persistent XSS (search form), Cookie hijacking 
possible:

http://www.a1.net/musikfreizeichen/index.htm?action=browseSearchResu
lt&exact=false&searchString=<script>alert("wat")</script>

===========================

some fun: http://i.imgur.com/1F141.png
and even more: http://i.imgur.com/GMqcm.png

First disclosure, keep that in mind. Now let's hope they fix the 
flaws soon. And btw, I also know they're not critical, so don't 
bitch about it.

Greets,
HypoX

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/