asia1click.com XSS vulnerability

2017-07-05T18:46:00
ID OBB:260483
Type openbugbounty
Reporter Random_Robbie
Modified 2017-08-17T07:18:00

Description

Vulnerable URL:
http://www.asia1click.com/corpbooking/SearchWaiting.aspx?SC=BKKIW38EFB&lang=th"'--!>&FLOW_NAME=AIRSEARCH&SEARCHTYPE=1&AN_OPTIONINFO_1=SEV&AN_OPTIONINFO_2=FLO,OL&FQD_EXPANDEDPARAM1=NDA&FQD_PRICINGTICKETINGINDICATOR=RU,RP&MASTER_NoOfRecommendation=200&SEARCHMETHOD=12&DEPARTCITY=BKK&RETURNCITY=CNX&TYPEOFTRIP=R&CABINCLASS=3&AIRLINE1=PG&DEPARTDATE=01/03/2016&RETURNDATE=05/03/2016&ADULTS=1&Show_FareLoad=True&corp_login=AsiaFb_1&corp_agency_code=BKKIW38EFB&corp_security_code=BKKIW38EFB&corp_group_code=B2C&corp_flow=2
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3573098
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 5 July, 2017 18:46 GMT
Vulnerability existence verified and confirmed| 6 July, 2017 06:24 GMT
Generic security notifications sent to website owner| 6 July, 2017 06:24 GMT
Notification sent to subscribers (without technical details)| 6 July, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 17 August, 2017 07:18 GMT