Reporter Joel Noguera
Title: Multiple Reflected XSS vulnerabilities in Infobae Website
Date published: 2016-20-05
Vendors contacted: No answer received
Vendors website: http://www.infobae.com/
Discovered by: Joel Noguera [Independent Security Researcher]
Infobae it is a website of a famous newspaper from Argentina. It is well
known and has thousand of readers per day.
Infobae : http://www.infobae.com/
TECHNICAL DESCRIPTION / PROOF OF CONCEPT
The application does not validate correctly the URL once it is submitted
The vulnerability is located in the pages:
This could be exploitable with the following examples:
Anonymous attacker can inject malicious JS code in crafted request to
data of administrators or users of the web resource.
4 May - discovered vulnerability, initially notified vendor
16 May - Contacted again - no response
20 May - Check the vulnerability and it had been fixed.
20 May - Public Disclosure
The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or misuse of
Joel Noguera as independent Security Researcher.
- Linkedin: https://ar.linkedin.com/in/noguerajoel/en
- Twitter: @niemand_sec
- Email: firstname.lastname@example.org