Message-ID: <CAFMd44NByescDZ1MrTj44p_bwTNBpiRFicM2j_a2=Fkn6q3ZgA@mail.gmail.com>
Date: Fri, 20 May 2016 20:41:40 -0300
From: Niemand Nie <niemand.sec@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Multiple Reflected XSS vulnerabilities in Infobae Website

ADVISORY INFORMATION

===================

Title: Multiple Reflected XSS vulnerabilities in Infobae Website
Date published: 2016-20-05
Vendors contacted: No answer received
Vendors website: http://www.infobae.com/
Discovered by: Joel Noguera [Independent Security Researcher]
Severity: Medium


AFFECTED PRODUCT

===================
Infobae is the website of a famous newspaper from Argentina. It is well
known and has thousands of readers per day.
Infobae : http://www.infobae.com/

TECHNICAL DESCRIPTION / PROOF OF CONCEPT

===================

The application does not correctly validate the URL once it is submitted,
so an attacker can inject malicious JavaScript into the page code.
The vulnerability is located in the following pages:

- http://www.infobae.com/temas/[-PAYLOAD-]

- http://www.infobae.com/temas/[-PAYLOAD-]

This could be exploitable with the following examples:

- http://search.infobae.com/');alert(document.cookie);document.write('


- http://www.infobae.com/temas/');alert(document.cookie);document.write('


IMPACT

===================

An anonymous attacker can inject malicious JS code via a crafted request
to hijack session data of administrators or users of the web resource.


DISCLOSURE TIMELINE

===================

4 May - Discovered vulnerability, initially notified vendor
16 May - Contacted again - no response
20 May - Checked the vulnerability and it had been fixed.
20 May - Public Disclosure


DISCLAIMER

===================

The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or misuse of
this information.


CREDITS

===================

Joel Noguera as independent Security Researcher.
- Linkedin: https://ar.linkedin.com/in/noguerajoel/en
- Twitter: @niemand_sec
- Email: niemand.sec@...il.com

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
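
Added example (not part of the original advisory, and not the site's code): the proof-of-concept value in the TECHNICAL DESCRIPTION section suggests the URL path was reflected inside a single-quoted JavaScript string, so this sketch shows that pattern beside a context-aware fix. The template shape, function names and cookie value are assumptions constructed for illustration.

```javascript
// Added example; the template shape is an assumption, not the site's real code.
const vm = require('node:vm');

// Vulnerable pattern (assumed): the URL path segment is pasted into a
// single-quoted string inside an inline script.
function renderVulnerable(topic) {
  return "document.write('<h1>" + topic + "</h1>');";
}

// Step 1: the value ends up in HTML via document.write, so HTML-encode it.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Step 2: emit a JavaScript string literal. JSON.stringify handles quotes,
// backslashes and control characters; the extra \uXXXX escapes keep quotes,
// "</script>" and line separators from ending the literal or the script block.
function jsStringLiteral(s) {
  return JSON.stringify(String(s)).replace(/[<>&'\u2028\u2029]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderHardened(topic) {
  return 'document.write(' + jsStringLiteral('<h1>' + escapeHtml(topic) + '</h1>') + ');';
}

// Evaluate a generated script against a stub page (constructed cookie value)
// and report what it wrote and whether alert() was reached.
function runInStubPage(script) {
  const alerts = [], written = [];
  const sandbox = {
    document: { cookie: 'session=constructed', write: s => written.push(s) },
    alert: v => alerts.push(v),
  };
  vm.runInNewContext(script, sandbox);
  return { alerts, written };
}

// The path value from the advisory's proof-of-concept URLs.
const ADVISORY_PATH = "');alert(document.cookie);document.write('";
console.log('vulnerable:', runInStubPage(renderVulnerable(ADVISORY_PATH)));
console.log('hardened:  ', runInStubPage(renderHardened(ADVISORY_PATH)));
```

Encoding has to match every context the value passes through: here it is HTML-encoded because it is written into markup, then encoded again as a JavaScript string literal because it sits inside a script.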
