Tuesday, June 4, 2013

Non-persistent XSS in Nokia Subdomain

I found 2 non-persistent XSS bugs in one Nokia subdomain; please see the details below.



Subdomain: https://www.sales.nokia.com

Vulnerability type: XSS

Affected Items:

/mis/forgotPwdSubmit.do
/mis/loginSubmit.do

Vulnerable URLs:

1. https://www.sales.nokia.com/mis/loginSubmit.do?CALLING_PAGE=&txtPasswd=&txtUsrName="</script>'<SCRIPT>alert("XSS")</SCRIPT>


2. https://www.sales.nokia.com/mis/forgotPwdSubmit.do?txtEmailID=&txtUserID=%22%3C/script%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3C/SCRIPT%3E

It was not that easy to find this XSS, though, as it was a login page that used POST requests to authenticate, and there was JavaScript blocking the use of any special characters. So I used the Firefox add-on to tamper with the request: I put admin@nokia.com in the email field and 12345 as the password, then replaced admin@nokia with a normal payload while tampering. It still didn't execute, so I checked the source of the page and noticed that there was a " and a <script> tag open, so I modified the payload and it executed successfully.



Tested on: Windows 7 and the latest version of Firefox

I then finally reported it to Nokia.



-Cyb3R_Shubh4M
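
An added example, not code from the original post or from the affected site: the post describes a parameter reflected inside an open " and <script> tag, with special characters blocked only by browser-side JavaScript, and the block below shows that pattern next to a server-side fix. The inline-script template and all function names are assumptions; the sample input is the txtUsrName value from the first URL above.

```javascript
// Added example. The inline-script template and all function names are
// assumptions for illustration, not the affected site's code.

// Constructed sample input: the txtUsrName value from the first URL in the post.
const SAMPLE = `"</script>'<SCRIPT>alert("XSS")</SCRIPT>`;

// Vulnerable pattern: the parameter is concatenated into a quoted JavaScript
// string inside an inline <script> block.
function renderVulnerable(userName) {
  return `<script>var user = "${userName}";</script>`;
}

// Server-side allow-list. A check that exists only in browser JavaScript is
// skipped as soon as the request is edited in transit.
function isValidUserName(value) {
  return typeof value === 'string' && /^[A-Za-z0-9._@-]{1,64}$/.test(value);
}

// Encoder for the "JavaScript string inside HTML" context: every UTF-16 code
// unit outside [A-Za-z0-9 ,._] becomes \uXXXX, so no quote and no "</script>"
// reaches the page.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ,._]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened handler: reject invalid input, and still encode valid input on output.
function renderHardened(userName) {
  if (!isValidUserName(userName)) {
    return { status: 400, body: 'Invalid user name' };
  }
  const body = `<script>var user = "${encodeForJsString(userName)}";</script>`;
  return { status: 200, body };
}

// Number of script end tags the HTML parser would see in a response body.
function countScriptEndTags(html) {
  return (html.match(/<\/script/gi) || []).length;
}

console.log(countScriptEndTags(renderVulnerable(SAMPLE)));  // 3 instead of 1
console.log(renderHardened(SAMPLE).status);                 // 400
console.log(renderHardened('admin@nokia.com').body);
```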
