Skip to main content

Attacking DTAC’s MMS System Via Cross Site Scripting

A stored XSS vulnerability located in DTAC's MMS system that allows you to view other people’s MMS if exploited correctly.

info

DTAC is the second largest GSM mobile phone provider in Thailand.

Details#

The name of the multimedia file attached in the MMS is not properly sanitized. This makes attacking via XSS possible. Simply change the name of the multimedia file to the XSS payload. For example, if it’s an image file, rename it to <img src=x onerror=alert(1)>.jpg. Then attach and send it just like how you would send a normal MMS. Your payload will be executed once the receiver clicked on the link in the MMS. Due to poor coding, the logged in user’s phone number and password are hidden in the html source and can be grabbed using GetElementsByName.

dtac1dtac2dtac3dtac4dtac5