
5 matches found

Hacker One
added 2017/03/11 9:51 a.m., 21 views

LocalTapiola: Single user DOS on selectedLanguage -cookie at (verkkopalvelu.tapiola.fi)

Issue: The reporter was able to craft a direct URL that triggered a single-user denial of service by modifying a cookie. The affected user had to manually delete the selectedLanguage -cookie to resolve the situation. Fix: The issue was investigated and found to be valid. Reasoning: The reported case...

AI score: 1.3
Exploits: 0
Hacker One
added 2017/01/24 6:55 a.m., 24 views

LocalTapiola: CSRF bypass + XSS on verkkopalvelu.tapiola.fi

Issue: The reporter found an issue in verkkopalvelu.tapiola.fi which led to XSS and CSRF. The issue triggered only on IE, due to the CORS implementation. To trigger the issue, however, one needed to have a correct viewstate, which in essence required manual manipulation. This made a potential attack mor...

AI score: 0.4
Exploits: 0
Hacker One
added 2016/12/26 7:58 a.m., 14 views

LocalTapiola: Open redirect - user interaction needed (verkkopalvelu.lahitapiola.fi/e2/..) - based on #179328

Hello Team, the open redirect in this report is not totally fixed. PoC: 1. Open this link https://verkkopalvelu.lahitapiola.fi///example.com/%2f../e2/kotivakuutus/vakuutuslaskuri// 2. Wait for it to load 3. Click on sv. It loads example.com. I tried it in Android, Chrome. Regards, SANTHOSH...

AI score: 0.1
Exploits: 0
Hacker One
added 2016/11/01 9:07 a.m., 28 views

LocalTapiola: Open Redirect (verkkopalvelu.lahitapiola.fi)

PoC: Open the link and wait for a full load: https://verkkopalvelu.lahitapiola.fi//blackfan.ru/%2f../e2/kotivakuutus/vakuutuslaskuri/ Result: Redirect to another site - blackfan.ru. Vulnerable script: https://verkkopalvelu.lahitapiola.fi/e2/kotivakuutus/vakuutuslaskuri/scripts/app.js js function ae...

AI score: 6.9
Exploits: 0
Hacker One
added 2016/03/08 10:19 p.m., 35 views

LocalTapiola: CRLF injection in https://verkkopalvelu.lahitapiola.fi/

Hi there, there is an HTTP header injection on https://verkkopalvelu.lahitapiola.fi/a6/VerkkokauppaYTWAR/YT/Etusivu.jsf. It allows an attacker to set custom cookies and custom content, such as an XSS attack, within the response. PoC: The parameter p is vulnerable...

AI score: 0.6
Exploits: 0