What is Hotfoon?

Hotfoon is a new type of Internet telephony that is very inexpensive, easy to setup and use.

Hotfoon's current service enables you to:

Make long distance calls at near local rates.

Talk to other Hotfoon users for free.

Ver:4.0

APP web site :http://www.hotfoon.com/

========================================================================
==

vuln

the attacker can exploit chat with user by send a link to random user and hoyfoon directly open the link in IE or the web broser

whithout alert user.

========================================================================
==

exploit

1)open hotfoon program

2)select chat to random user

3)in chat window ,send the URL that contains bad code such as ( XSS,IE exploit,or EXE file with webdownloader ..etc )

4)the web broser or IE (tested in IE) will directly open the link without alert user.

========================================================================
==

Saudi Linux

[ reply ]