A reflected cross-site scripting (XSS) vulnerability has been found in Verizon by #Nullcrew.
The hacker tweeted the PoC for the vulnerability:
"http://games.verizon.com/landing/p/freeplay/instr.jsp?gameId=722050&gameTitle=%3Cscript%3Ealert%28%22Lulz.%22%29%3C/script%3E"
As usual, I have tested whether the vulnerability allows an attacker to redirect to another site by injecting the following code:
document.location="http://www.google.com"
It successfully redirects me to Google. It means that an attacker can lure a user into clicking the crafted link and redirect them to any site he wants. The attacker can hijack sessions and more.
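
The following is an added example, not code from the original post or from Verizon. It shows why the gameTitle value in the tweeted link runs as script when a page echoes it unencoded, and how HTML-encoding it on output neutralizes it. The page template, function names and header values are assumptions, since the source of instr.jsp is not public.

```javascript
// Added illustration; the template and all function names are hypothetical.
// The link is the PoC quoted in the post, used here as sample input.
const POC = "http://games.verizon.com/landing/p/freeplay/instr.jsp" +
  "?gameId=722050&gameTitle=%3Cscript%3Ealert%28%22Lulz.%22%29%3C/script%3E";

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the two query parameters; gameId is validated as digits only.
function parseParams(link) {
  const params = new URL(link).searchParams; // values are percent-decoded
  const gameId = params.get("gameId") || "";
  if (!/^\d{1,10}$/.test(gameId)) throw new Error("invalid gameId");
  return { gameId, gameTitle: params.get("gameTitle") || "" };
}

// Vulnerable pattern: the decoded parameter is concatenated into markup,
// so the browser parses the attacker's <script> element as part of the page.
function renderUnsafe(link) {
  const { gameTitle } = parseParams(link);
  return "<h1>How to play " + gameTitle + "</h1>";
}

// Hardened pattern: same template, parameter HTML-encoded on output,
// so the payload is displayed as text instead of being executed.
function renderSafe(link) {
  const { gameTitle } = parseParams(link);
  return "<h1>How to play " + escapeHtml(gameTitle) + "</h1>";
}

// Defence in depth (assumed values): CSP blocks inline script if an encoding
// step is ever missed, and HttpOnly keeps the session cookie out of script reach.
const DEFENSIVE_HEADERS = {
  "Content-Security-Policy": "default-src 'self'; script-src 'self'",
  "Set-Cookie": "session=<placeholder>; HttpOnly; Secure; SameSite=Lax",
};

console.log(renderUnsafe(POC));
console.log(renderSafe(POC));
```
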