Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Multiple Reflected XSS vulnerabilities in Infobae Website

From: Niemand Nie <niemand.sec () gmail com>
Date: Fri, 20 May 2016 20:41:40 -0300
ADVISORY INFORMATION

===================

Title: Multiple Reflected XSS vulnerabilities in Infobae Website
Date published: 2016-20-05
Vendors contacted: No answer received
Vendors website: http://www.infobae.com/
Discovered by: Joel Noguera [Independent Security Researcher]
Severity: Medium


AFFECTED PRODUCT

===================
Infobae it is a website of a famous newspaper from Argentina. It is well
known and has thousand of readers per day.
Infobae : http://www.infobae.com/

TECHNICAL DESCRIPTION / PROOF OF CONCEPT

===================

The application does not validate correctly the URL once it is submitted
and an attacker can inject malicious javascript in the code:
The vulnerability is located in the pages:

- http://www.infobae.com/temas/[-PAYLOAD-]

- http://www.infobae.com/temas/[-PAYLOAD-]

This could be exploitable with the following examples:

- http://search.infobae.com/&apos;);alert(document.cookie);document.write('


- http://www.infobae.com/temas/&apos;);alert(document.cookie);document.write('


IMPACT

===================

Anonymous attacker can inject malicious JS code in crafted request to
hijack session
data of administrators or users of the web resource.


DISCLOSURE TIMELINE

===================

4 May - discovered vulnerability, initially notified vendor
16 May - Contacted again - no response
20 May - Check the vulnerability and it had been fixed.
20 May - Public Disclosure


DISCLAIMER

===================

The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or misuse of
this information.


CREDITS

===================

Joel Noguera as independent Security Researcher.
- Linkedin: https://ar.linkedin.com/in/noguerajoel/en
- Twitter: @niemand_sec
- Email: niemand.sec () gmail com

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: