Friday, September 2, 2011
Persistent XSS vulnerability in eBuddy Web Messenger Discovered By Warv0x
A team member from Virtual Luminous Security, Russian Federation, has discovered a persistent XSS vulnerability in eBuddy (the biggest web IM solution in the world) by transmitting messages with embedded encoded JavaScript code.
In-depth detail
eBuddy Web Messenger suffers from an encoded persistent XSS vulnerability in the messaging function (while sending a message with embedded code to another authorized user in eBuddy Web Messenger).
Exploit example
Plain XSS (Not going to store, nor execute)
Encoded
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
[*] The attacker sends the encoded embedded code in an IM message.
[*] The victim receives the message with the encoded embedded code and it executes in the victim's browser.
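The difference between the plain and encoded cases above is consistent with a filter that inspects the message before it is URL-decoded. The following is an added example, not eBuddy's code (the post does not show the implementation): it models that flaw class next to a render path that decodes once and HTML-escapes at output, and all function names in it are hypothetical.

```javascript
// Constructed model of the flaw class; how eBuddy actually handled messages
// is an assumption. SAMPLE is the encoded payload quoted in the post.
const SAMPLE = "%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E";

// Weak: the blocklist runs on the raw, still percent-encoded text, so it only
// catches the plain form. The message is decoded later and rendered as markup.
function naiveAccept(rawText) {
  return !/<\s*script/i.test(rawText);
}
function naiveRender(rawText) {
  return '<div class="msg">' + decodeURIComponent(rawText) + "</div>";
}

// Hardened: decode exactly once to a canonical form, then HTML-escape at the
// point of output. No blocklist is involved; markup characters are neutralised.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}
function canonicalize(rawText) {
  try {
    return decodeURIComponent(rawText);
  } catch (e) {
    return rawText; // malformed escape (e.g. "100%"): keep as literal text
  }
}
function safeRender(rawText) {
  return '<div class="msg">' + escapeHtml(canonicalize(rawText)) + "</div>";
}

// Regression check a defender can keep next to the render code.
function checkSample() {
  return {
    plainBlocked: !naiveAccept("<script>alert(1)</script>"),
    encodedAccepted: naiveAccept(SAMPLE),
    naiveEmitsTag: naiveRender(SAMPLE).includes("<script>"),
    safeEmitsTag: safeRender(SAMPLE).includes("<script"),
  };
}
```

Escaping at output also covers double-encoded input: one decode leaves the inner `%3C` sequences as literal text, which render harmlessly.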
This post was written by: Divyu
Divyu is a professional blogger, web designer and front end web developer.
2 Responses to “Persistent XSS vulnerability in eBuddy Web Messenger Discovered By Warv0x”
July 12, 2012 at 10:50 AM
"%3E%3CsCripT%3Ealert(window.location="http://www.youtube.com/watch?v=dQw4w9WgXcQ")%3C/ScripT%3E
July 12, 2012 at 10:52 AM
%3E%3CsCripT%3Ealert(hurdur)%3C/ScripT%3E