NS International Train Tickets v7.31.4 Reflected XSS Vulnerability
Title: NS International Train Tickets v7.31.4 Reflected XSS Vulnerability
Advisory ID: ZSL-2017-5441
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 24.12.2017
Google Chrome 60.0.3112.90
Firefox Quantum 57.0.1
[16.10.2017] Vendor communicated via Twitter.
[17.10.2017] Vendor replied back. Details about the vulnerability sent.
[15.11.2017] Vulnerability fixed by the vendor.
[24.12.2017] Public security advisory released.
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2017-5441
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 24.12.2017
Summary
NS International Train Tickets is a web application that is used by NS International (Dutch railways) to manage (search, book, plan, buy) train tickets for international travels from the Netherlands.Description
NS International Train Tickets confirmation page 'bookingConfirm' is vulnerable to a Reflected XSS. The input provided to the 'dnr' query string parameter is reflected to the validationMismatch.html page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.Vendor
NS International BV - https://www.nsinternational.nlAffected Version
7.31.4Tested On
Opera 49.0.2725.39Google Chrome 60.0.3112.90
Firefox Quantum 57.0.1
Vendor Status
[15.10.2017] Vulnerability discovered.[16.10.2017] Vendor communicated via Twitter.
[17.10.2017] Vendor replied back. Details about the vulnerability sent.
[15.11.2017] Vulnerability fixed by the vendor.
[24.12.2017] Public security advisory released.
PoC
nsint_poc.txtCredits
Vulnerability discovered by Stefan Petrushevski - <stefan@zeroscience.mk>References
N/AChangelog
[24.12.2017] - Initial releaseContact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk