dapao100.com XSS vulnerability

2017-09-21T00:50:00
ID OBB:300462
Type openbugbounty
Reporter OmniGooch
Modified 2017-12-20T01:18:00

Description

Vulnerable URL:
http://dapao100.com/member/login.php?refer=/search.php?keywords=%27;alert(/XSSPOSED/)//%27;alert(/XSSPOSED/)//%22;alert(/XSSPOSED/)//%22;alert(/XSSPOSED/)//--%3E%3C/sCRipT%3E%22%3E%27%3E%3CsCRipT%3Ealert(/XSSPOSED/)%3C/sCRipT%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 20.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1020840
VIP website status:| No
Check dapao100.com SSL connection:| (Grade: C+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 21 September, 2017 00:50 GMT
Generic security notifications sent to website owner| 21 September, 2017 00:53 GMT
Notification sent to subscribers (without technical details)| 21 September, 2017 02:17 GMT
Vulnerability details disclosed by researcher| 20 December, 2017 01:18 GMT