probiller.com XSS vulnerability

2017-03-18T13:53:00
ID OBB:219579
Type openbugbounty
Reporter Random_Robbie
Modified 2017-04-17T07:14:00

Description

Vulnerable URL:
https://probiller.com/site/NetbillingPurchase/CollectNewCC?domain=3153'"--!>&request;=8r8vesPR1xaabBKoDM7X4elp_uhkhm1ADwy74Ef6K3ewThutwf-UycizdwDcJPSQpXI0G45ppnFpTe4AIJAByygzHgNVcJXlrZqhuhEFCAKrQsKmU1AwWlpyYQTn2pLdeyGo-8YQmZTNxkMUTdWnGjGi2u7F2wqb-vHpQMavEXhgIUVZ94Rp2P4a03OhGeQktLu2-LC5K6WzMM3XZX6Xm8pnA1C49rVjJcJyKuB2CU5A8sGdY5XT_a-TKLkiPHVH685BCxiNtVUDuSGiPec5usoEA1Dy7pZCp7hd_hikOEXJ56mpXeLNYgHi_lUlinWrXlqN1UZBWG-_25WMKHlxShmA9vot-hIjwAsYZdsWTPJlmBDTVB9g3WGFUOvoKxBiJDdnQ6JL18cO01vdSTLjy_4X2KajvV8fNxsTqEdkXFkXZxrNS4Md4BWqtJq50PytyBQL-ZV9nYDnidoXr6FEeeI6JNPZArS4w7eMORNPBDd9xiw90N70N-fXxr-dNlxSgv14_1GfFzqsN9EAmA5EERtp8Cc55uP1E083THj37hI-XurOWC6YBC_BJHWB4YlomloYPJqZtc3Uj2mP7TZyz9hvCIEsHonT0cr7hrxFvelHGAM2H5tu1YcJlYyHOlJn0NzR5k2uzkYzCnEKobk2kgkJJAPEfjrjWUIHcD2U_S5vlpkpp8ikEQ8_9zhVzYcznpetW2DJlKHAEiATgkL0hxyHh8afCUkykDX2_zeVHJK540DcP2NmDbhJBBKtxohTpTCNuNO0NyCrEz_HaMhWxcVnL3AcFnMhfJB4oV-xPTW2HkW8nq4qJY1NgSF_PWGAd0agtiX2eGFDNNMhKy_YMiWONXYK-EDGv8SP7gRk36w5TmwKgRyjFKKHQdh0MWVugCmPAOAvwS6OdaCFyBrDg2xfZtjKeq2QO5tAZHQSUHjafjzqJ79UAhg-0BxEiiGpyq1LE-KdTrdcZqRbHa6Ub7UnZvvjq7Ia_kpfGVRGfUpl7BZ8WGIuojp7LiiZ_Vm_r1q3ijQS9vjCDQgwvzNVAsbo968k8RdMCLRhnWzoTKKr984eMkM3XvWYLTgXc51L3sS_nWYOnjIpDPZIksUEf2Fx4_pAY5tQM2foyvQf44fxv2GATJBt2H3C4FgmzsA5i0cJEEd8orOza90Ms4MyJSS0c1lVvWRhDKj-siIhCabGAjZhW3mRsMoeA6NSAEvvTShuP38-l3OUCMCjf8CtE9ICzYewdfz_JtHEHBk4ocw5WAqOqSvQsTKXJOv9-M19-lhm9OV5X34FX8Ntr0UeAmOQyNz9t8y-U78aFBw6U-hAOHoNp8YpcLgBLFTQ6ve-gdZYg15pPY3304FTqWZaipGkmskCV2mc5K4xBo87fO0x4sRgbYoffoY8HlQzKdqeGrbty-EIbw-_4Pv-L6S2DZ2IShxx9gu2zN19kL6C_lBzAhmYg1BaCPyZL9gXdorSWGZoZDdEjXsohzjrUfD6he6B-vu7kXGJ73iCVCqBPwUAxWJytRILxaueMZziUVTW_gG_VMXBs2lvK6ZKIKslVmlRki9BdycC1TOmI2UXrT86cHA2Lkc4DaRF-n8VkDikFa2MLtTwjN3e9cyGYMJXWObWQZvLuYcVLJ3zxfzsAY7CZpvfNsfQTgRiA3zx8FxEPf0Otu31_hyEXEG8TIMTK0Gg#KNOXSS
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 3596
VIP website status:| Yes
Check probiller.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 18 March, 2017 13:53 GMT
Vulnerability existence verified and confirmed| 20 March, 2017 06:24 GMT
Notification sent to subscribers (without technical details)| 20 March, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 17 April, 2017 07:14 GMT