Monday, March 1, 2010

Gulf Business Machines Cross-Site Scripting (XSS)

+++About GBM+++
Founded in 1990, Gulf Business Machines (GBM) is the leading IT solutions provider in the region, fulfilling the IT requirements of local, regional and international organisations in the GCC.

A spin-off from IBM, GBM is the sole distributor for IBM 'excluding selected IBM products and services' throughout the GCC, except for Saudi Arabia.


+++Affected URL(s)+++
All website URLs which are using the vulnerable parameter. For example:

http://www.gbm4ibm.com/inside_networking_services.php?m=first
http://www.gbm4ibm.com/inside_productshowcase_cisco.php?m=fifth


and more ...

+++Vulnerable Parameter(s)+++
'm'


+++PoC+++







IBM first notified: February 18, 2010
Response: None till date
Public Disclosure: March 01, 2010


Best Regards.

Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.