[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Multiple Reflected XSS vulnerabilities in Infobae Website

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Multiple Reflected XSS vulnerabilities in Infobae Website
From: Niemand Nie <niemand.sec@xxxxxxxxx>
Date: Fri, 20 May 2016 20:41:40 -0300

ADVISORY INFORMATION

===================

Title: Multiple Reflected XSS vulnerabilities in Infobae Website
Date published: 2016-20-05
Vendors contacted: No answer received
Vendors website: http://www.infobae.com/
Discovered by: Joel Noguera [Independent Security Researcher]
Severity: Medium


AFFECTED PRODUCT

===================
Infobae it is a website of a famous newspaper from Argentina. It is well
known and has thousand of readers per day.
Infobae : http://www.infobae.com/

TECHNICAL DESCRIPTION / PROOF OF CONCEPT

===================

The application does not validate correctly the URL once it is submitted
and an attacker can inject malicious javascript in the code:
The vulnerability is located in the pages:

- http://www.infobae.com/temas/[-PAYLOAD-]

- http://www.infobae.com/temas/[-PAYLOAD-]

This could be exploitable with the following examples:

- http://search.infobae.com/');alert(document.cookie);document.write('


- http://www.infobae.com/temas/');alert(document.cookie);document.write('


IMPACT

===================

Anonymous attacker can inject malicious JS code in crafted request to
hijack session
data of administrators or users of the web resource.


DISCLOSURE TIMELINE

===================

4 May - discovered vulnerability, initially notified vendor
16 May - Contacted again - no response
20 May - Check the vulnerability and it had been fixed.
20 May - Public Disclosure


DISCLAIMER

===================

The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or misuse of
this information.


CREDITS

===================

Joel Noguera as independent Security Researcher.
- Linkedin: https://ar.linkedin.com/in/noguerajoel/en
- Twitter: @niemand_sec
- Email: niemand.sec@xxxxxxxxx

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Linknat VOS2009/VOS3000 SQL injection
Next by Date: [FD] [RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries
Previous by thread: [FD] Linknat VOS2009/VOS3000 SQL injection
Next by thread: [FD] [RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries
Index(es):
- Date
- Thread