Proof Of Concept Nokia Cross Site Scripting

Hello Guys

This is Adesh Nandkishor Kolte, an independent security researcher from India.

This article is on my recent finding of a Nokia web application vulnerability, which is affected by cross-site scripting.

While enumerating Nokia I got a subdomain, http://search.networks.nokia.com, and found cross-site scripting in the search box, which was not properly validated for input. I got the parameter S_FULLTEXT=. Here I tried for XSS and BOOM, got it.

Vulnerable Resource:

http://search.networks.nokia.com/Search/s.s?S_FULLTEXT=

Vulnerable Parameter:

Search/s.s?S_FULLTEXT=

Vulnerable URL:

http://search.networks.nokia.com/Search/s.s?S_FULLTEXT=%22++img+SRC%3Dx+onerror%3Dalert(document.domain)+&siteId=internet&templateId=%22%3E%3Cimg%20SRC=x%20onerror=alert(document.domain)%3Esearch&locale=%22%3E%3Cimg%20SRC=x%20onerror=alert(document.domain)%3Een

https://youtu.be/LffxHeXjPOo
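
Added example, not part of the original write-up and not Nokia's code: a hypothetical server-side renderer that reflects the three parameters from the URL above, first unencoded and then with output encoding for the free-text field and allow-lists for the fixed-vocabulary ones. The function names, the HTML template and the allow-list contents are assumptions; only the parameter names and the query string come from the page.

```javascript
// Added example: hypothetical server-side renderer for a search page.
// Only the parameter names and the query string come from the write-up.

// Vulnerable: request values are concatenated into the HTML unchanged.
function renderVulnerable(p) {
  return `<html lang="${p.get('locale')}"><body data-template="${p.get('templateId')}">` +
         `<input name="S_FULLTEXT" value="${p.get('S_FULLTEXT')}"></body></html>`;
}

// Encode the characters that can end a quoted attribute or open a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Assumed allow-lists; a real application would list its own values.
const LOCALES = new Set(['en', 'fi', 'de']);
const TEMPLATES = new Set(['search']);

function renderHardened(p) {
  // Fixed-vocabulary parameters: accept known values only, else use a default.
  const locale = LOCALES.has(p.get('locale')) ? p.get('locale') : 'en';
  const template = TEMPLATES.has(p.get('templateId')) ? p.get('templateId') : 'search';
  // Free-text parameter: encode for the quoted-attribute context it lands in.
  const q = escapeHtml(p.get('S_FULLTEXT') || '');
  return `<html lang="${locale}"><body data-template="${template}">` +
         `<input name="S_FULLTEXT" value="${q}"></body></html>`;
}

// Query string as it appears in the write-up's URL.
const QUERY =
  'S_FULLTEXT=%22++img+SRC%3Dx+onerror%3Dalert(document.domain)+&siteId=internet' +
  '&templateId=%22%3E%3Cimg%20SRC=x%20onerror=alert(document.domain)%3Esearch' +
  '&locale=%22%3E%3Cimg%20SRC=x%20onerror=alert(document.domain)%3Een';
const params = new URLSearchParams(QUERY);

console.log(renderVulnerable(params)); // values close the attributes and add a tag
console.log(renderHardened(params));   // values stay inert inside the attributes
```

Encoding has to match the output context: this helper covers HTML text and quoted attributes, not script blocks or URLs.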

As a reward, Nokia gave me Hall of Fame.

Thanks for reading.