Tuesday, March 23, 2010

Capgemini CTO Blog Cross-Site Scripting (XSS)


+++About Capgemini+++
A global leader in consulting, technology, outsourcing, and local professional services (http://www.capgemini.com/about/)

+++Affected URL(s)+++
http://www.capgemini.com/ctoblog/search_blog.php

+++Vulnerable Parameter / Function+++
'Search'

+++PoC+++

Capgemini First Notified: February 18, 2010
Capgemini Second Notification: March 02, 2010
Response Received: March 02, 2010
Detailed Info Emailed: March 03, 2010
Current Status: Fixed (as of today, March 23, 2010)

Thanks to Richard Fahey @capgemini for his quick response on resolving this issue.

Best Regards.

Tuesday, March 2, 2010

TVS Star City Cross-Site Scripting (XSS)

+++About TVS Automobiles+++
A leading automobile company with operations in India, whose popular products include the TVS Apache and Star City.

+++Affected URL(s)+++
All website URLs that use the vulnerable parameter. For example:

http://www.tvsstarcity.com/dealer-locator.asp?id=NEW%20DELHI

+++Vulnerable Parameter(s)+++
'id'

+++PoC+++

Best Regards.

Monday, March 1, 2010

Gulf Business Machines Cross-Site Scripting (XSS)

+++About GBM+++
Founded in 1990, Gulf Business Machines (GBM) is the leading IT solutions provider in the region, fulfilling the IT requirements of local, regional and international organisations in the GCC.

A spin-off from IBM, GBM is the sole distributor for IBM 'excluding selected IBM products and services' throughout the GCC, except for Saudi Arabia.


+++Affected URL(s)+++
All website URLs that use the vulnerable parameter. For example:

http://www.gbm4ibm.com/inside_networking_services.php?m=first
http://www.gbm4ibm.com/inside_productshowcase_cisco.php?m=fifth

and more ...

+++Vulnerable Parameter(s)+++
'm'


+++PoC+++

IBM first notified: February 18, 2010
Response: none to date
Public Disclosure: March 01, 2010


Best Regards.
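All three advisories above describe the same defect class: a request parameter ('Search', 'id', 'm') is reflected into the response page without output encoding. The following is an added example, not code from any of the affected sites or from this blog, showing the vulnerable rendering pattern beside the fixed one and a small defender-side check that flags the leak. The page path, the render/handler function names and the sample query are hypothetical and constructed for illustration; the sample query is a harmless markup marker, not an attack payload.

```python
"""Reflected parameter rendering: unsafe vs. context-aware encoded output.

Added example (hypothetical names; not code from the sites or author above).
"""
import html
from urllib.parse import parse_qs, urlencode

# Constructed sample input: contains every HTML-significant character
# (<, >, ", ') so the difference between the two renderers is visible.
SAMPLE_QUERY = 'Star City <b>"bold"</b> \'q\''

# Characters that change meaning in an HTML document when left raw.
MARKUP_CHARS = '<>"\''


def render_unsafe(query: str) -> str:
    """The vulnerable pattern: the parameter is concatenated straight into
    three different sinks (element text, a quoted attribute, a URL), so any
    markup in it becomes part of the page (reflected XSS)."""
    return (
        "<h1>Results for " + query + "</h1>\n"
        '<input name="Search" value="' + query + '">\n'
        '<a href="/search_blog.php?Search=' + query + '">again</a>'
    )


def render_safe(query: str) -> str:
    """The fix: encode for the context each sink lives in.
    html.escape() (quote=True by default) handles element text and quoted
    attribute values; the URL query needs percent-encoding first, and the
    result is HTML-escaped again because it sits inside an attribute."""
    text_ctx = html.escape(query)                       # & < > " ' -> entities
    attr_ctx = html.escape(query)                       # same rules inside value="..."
    url_ctx = html.escape(urlencode({"Search": query}))  # percent-encode, then HTML-escape
    return (
        f"<h1>Results for {text_ctx}</h1>\n"
        f'<input name="Search" value="{attr_ctx}">\n'
        f'<a href="/search_blog.php?{url_ctx}">again</a>'
    )


def leaks_markup(renderer, query: str) -> bool:
    """Defender-side check: render the template with an empty query to get
    its own fixed markup, then see whether the user-supplied query added
    any raw markup characters on top of that baseline."""
    baseline = renderer("")
    rendered = renderer(query)
    return any(rendered.count(c) > baseline.count(c) for c in MARKUP_CHARS)


def handle_request(query_string: str) -> str:
    """Hypothetical request handler: pull 'Search' out of the raw query
    string the way a search page would, and always go through render_safe."""
    params = parse_qs(query_string)
    query = params.get("Search", [""])[0]
    return render_safe(query)


if __name__ == "__main__":
    print("unsafe leaks markup:", leaks_markup(render_unsafe, SAMPLE_QUERY))
    print("safe leaks markup:  ", leaks_markup(render_safe, SAMPLE_QUERY))
    print(handle_request("Search=Star+City&page=1"))
```

The leak check is deliberately crude (a count of raw markup characters beyond the template's own) but it is exactly the kind of assertion worth adding to a page's tests: it fails on the concatenating renderer and passes on the encoding one, and it does not depend on any particular payload.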

Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.