kaneda@bohater.net

+ Subject:
XSS bug for www.wp.pl

+ Version:
2007.03.04

+ Discovered by:
Kanedaaa: http://kaneda.bohater.net

+ wp.pl Description:
Wirtualna Polska (wp.pl) is the best-known Polish web portal. It is an interactive communication platform that also runs an e-mail service (poczta.wp.pl) with millions of accounts.

+ Description:
XSS IN:
http://szukaj.wp.pl/szukaj.html?szukaj=yes+%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&lang=&Szukaj=Szukaj&z=e

The decoded value of the szukaj parameter:
yes <script>alert(document.cookie);</script>

The search page reflects this value into its HTML without encoding, so the script executes in the szukaj.wp.pl origin. This makes it possible to take over a user's account on the mail service at http://poczta.wp.pl [and on other services in the *.wp.pl domain] if the logged-in user clicks a specially crafted URL. The takeover works when the session cookie is set for the shared .wp.pl parent domain and is not flagged HttpOnly, since only then can script running on szukaj.wp.pl read it.
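As an added example (not code from the original advisory or from wp.pl), the following Node.js snippet decodes the szukaj parameter from the advisory URL exactly as a form-urlencoded query parser would, then renders it through a vulnerable template that echoes the term verbatim and through a hardened template that HTML-escapes it. The two page templates are assumptions made for illustration; the real markup of szukaj.wp.pl is not known from the advisory.

```javascript
// Added example: reflected XSS in a search parameter, vulnerable vs. hardened rendering.
// The HTML templates are assumed for illustration, not wp.pl's real page markup.

// URL taken from the advisory; only the `szukaj` parameter matters here.
const ADVISORY_URL =
  "http://szukaj.wp.pl/szukaj.html?szukaj=yes+%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&lang=&Szukaj=Szukaj&z=e";

// Decode the `szukaj` parameter the way a server-side query parser does
// (application/x-www-form-urlencoded: '+' becomes a space, %XX is percent-decoded).
function extractSearchTerm(url) {
  return new URL(url).searchParams.get("szukaj");
}

// Vulnerable rendering (assumed template): the search term is echoed into the
// page as-is, both in a text node and inside an attribute value.
function renderSearchPageVulnerable(term) {
  return `<h2>Results for: ${term}</h2>\n<input name="szukaj" value="${term}">`;
}

// HTML escaping that is safe for text nodes and double-quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: the same template, but every reflected value is escaped
// for the HTML context it lands in.
function renderSearchPageSafe(term) {
  const safe = escapeHtml(term);
  return `<h2>Results for: ${safe}</h2>\n<input name="szukaj" value="${safe}">`;
}

// Check used to compare the two renderers: the template itself never emits a
// <script> element, so one appearing in the output came from the reflected input.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

const term = extractSearchTerm(ADVISORY_URL);
console.log(term);                                                  // yes <script>alert(document.cookie);</script>
console.log(containsScriptTag(renderSearchPageVulnerable(term)));  // true
console.log(containsScriptTag(renderSearchPageSafe(term)));        // false
```

The escaped output still shows the user exactly what they searched for; only its interpretation by the browser changes. Escaping at output time, per context, is the fix; rejecting the string "<script>" on input is not, since the same reflection point accepts event-handler attributes and other payloads that contain no script tag.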



Timeline:
2007.03.04 bug discovered
2007.03.04 bug reported via http://pomoc.wp.pl/formularz.html?serwis=Pomoc
2007.03.30 still not fixed

Original Advisory: http://kaneda.bohater.net/security/20070304-xss-wp.pl.php

Check my other bugs in the Security section of http://kaneda.bohater.net
BTW: Dyziu is a cool dude :]