Infobae Cross Site Scripting

2016-05-24T00:00:00
ID PACKETSTORM:137160
Type packetstorm
Reporter Joel Noguera
Modified 2016-05-24T00:00:00

Description

                                        
                                            `ADVISORY INFORMATION  
  
===================  
  
Title: Multiple Reflected XSS vulnerabilities in Infobae Website  
Date published: 2016-20-05  
Vendors contacted: No answer received  
Vendors website: http://www.infobae.com/  
Discovered by: Joel Noguera [Independent Security Researcher]  
Severity: Medium  
  
  
AFFECTED PRODUCT  
  
===================  
Infobae is the website of a famous newspaper from Argentina. It is well  
known and has thousands of readers per day.  
Infobae : http://www.infobae.com/  
  
TECHNICAL DESCRIPTION / PROOF OF CONCEPT  
  
===================  
  
The application does not correctly validate the URL once it is submitted,  
so an attacker can inject malicious JavaScript into the page's code.  
The vulnerability is located in the pages:  
  
- http://www.infobae.com/temas/[-PAYLOAD-]  
  
- http://www.infobae.com/temas/[-PAYLOAD-]  
  
This could be exploitable with the following examples:  
  
- http://search.infobae.com/');alert(document.cookie);document.write('  
  
  
- http://www.infobae.com/temas/');alert(document.cookie);document.write('  
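
The shape of the payload above (close the quote and the call, run a statement, reopen `document.write('`) implies the URL path segment was reflected inside a single-quoted JavaScript string. The following added example is not from the advisory or from Infobae's code; it reproduces that assumed pattern beside a context-aware encoding fix, and the function names and the stubbed `document`/`alert` are hypothetical.

```javascript
// Added illustration. The document.write('...') sink is an assumption inferred
// from the payload shape; all function names here are hypothetical.
const PAYLOAD = "');alert(document.cookie);document.write('"; // from the advisory

// Vulnerable pattern: the decoded path segment is concatenated straight into a
// single-quoted JavaScript string inside an inline <script>.
function renderTopicScriptVulnerable(topic) {
  return "<script>document.write('" + topic + "');</script>";
}

// HTML-escape, because document.write() parses its argument as markup.
function htmlEscape(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Encode for a JavaScript string literal in an inline script. JSON.stringify
// handles quotes, backslashes and control characters; the extra pass hex-escapes
// characters that could close the <script> block or break older parsers.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hardened pattern: encode for each context the value passes through
// (HTML for the document.write sink, then JavaScript string for the script).
function renderTopicScriptSafe(topic) {
  return "<script>document.write(" + jsStringLiteral(htmlEscape(topic)) + ");</script>";
}

// Run the inline script against stubs and record what it did, so the
// difference is observable without a browser.
function evaluateInlineScript(html) {
  const body = html.replace(/^<script>/, "").replace(/<\/script>$/, "");
  const calls = { alert: 0, written: [] };
  const documentStub = {
    cookie: "session=constructed-value", // constructed sample, not real data
    write: (s) => calls.written.push(s),
  };
  new Function("document", "alert", body)(documentStub, () => { calls.alert += 1; });
  return calls;
}

console.log("vulnerable:", evaluateInlineScript(renderTopicScriptVulnerable(PAYLOAD)));
console.log("hardened:  ", evaluateInlineScript(renderTopicScriptSafe(PAYLOAD)));
```

With the hardened renderer the payload arrives at the sink as inert text, so the stubbed `alert` is never reached.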
  
  
IMPACT  
  
===================  
  
An anonymous attacker can inject malicious JS code through a crafted  
request to hijack the session data of administrators or users of the web  
resource.  
  
  
DISCLOSURE TIMELINE  
  
===================  
  
4 May - Discovered vulnerability, initially notified vendor  
16 May - Contacted again - no response  
20 May - Checked the vulnerability; it had been fixed.  
20 May - Public Disclosure  
  
  
DISCLAIMER  
  
===================  
  
The information contained within this advisory is supplied "as-is" with  
no warranties or guarantees of fitness of use or otherwise.  
I accept no responsibility for any damage caused by the use or misuse of  
this information.  
  
  
CREDITS  
  
===================  
  
Joel Noguera as independent Security Researcher.  
- Linkedin: https://ar.linkedin.com/in/noguerajoel/en  
- Twitter: @niemand_sec  
- Email: niemand.sec@gmail.com  
  
  
`