Reflected XSS Vulnerability found in Verizon

A reflected cross-site scripting (XSS) vulnerability has been found in Verizon by #Nullcrew.

The hacker tweeted the PoC for the vulnerability:

"http://games.verizon.com/landing/p/freeplay/instr.jsp?gameId=722050&gameTitle=%3Cscript%3Ealert%28%22Lulz.%22%29%3C/script%3E"
As usual, I have tested whether the vulnerability allows an attacker to redirect to another site by injecting the following code:

document.location="http://www.google.com"

It successfully redirects me to Google. This means that an attacker can lure a user into clicking the crafted link and redirect them to any site he wants. The attacker can hijack sessions and more.
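
The reflection described above and its fix, as an added example that is not from the original post or from Verizon's code. It assumes the page writes the gameTitle parameter into the HTML body; the `<h1>` template and all function names are hypothetical.

```javascript
// Models how a reflected parameter reaches the page and how output
// encoding neutralises it. The template is an assumption: the real
// instr.jsp source is not shown in the post.

// PoC URL quoted in the post.
const POC_URL =
  "http://games.verizon.com/landing/p/freeplay/instr.jsp" +
  "?gameId=722050&gameTitle=%3Cscript%3Ealert%28%22Lulz.%22%29%3C/script%3E";

// Encode the five characters that are significant in HTML text and
// quoted-attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Extract the reflected parameter the way a server framework would,
// percent-decoding included.
function getGameTitle(url) {
  return new URL(url).searchParams.get("gameTitle") ?? "";
}

// Vulnerable pattern: request data concatenated into markup unchanged.
function renderUnsafe(url) {
  return "<h1>" + getGameTitle(url) + "</h1>";
}

// Hardened pattern: encode for the HTML context at the point of output.
function renderSafe(url) {
  return "<h1>" + escapeHtml(getGameTitle(url)) + "</h1>";
}

// True if the rendered HTML contains an opening "<script" tag, i.e. the
// parameter was interpreted as markup rather than displayed as text.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe:", renderUnsafe(POC_URL), containsScriptTag(renderUnsafe(POC_URL)));
console.log("safe:  ", renderSafe(POC_URL), containsScriptTag(renderSafe(POC_URL)));
```

Encoding at the point of output keeps the title visible to the user as literal text while preventing the browser from parsing it as markup.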