BugTraq
[Kil13r-SA-20060701-3] Massting Cross-Site Scripting Vulnerability Jun 30 2006 03:28PM
mac68k gmail com
Title:

[Kil13r-SA-20060701-3] Massting Cross-Site Scripting Vulnerability

Author:

Kil13r - http://www.kil13r.info/

Local / Remote:

Remote

Timeline:

2006/06/30 - Discovery

2006/06/30 - Vendor notification

2006/06/30 - Vendor response

2006/06/30 - Vendor fix

2006/07/01 - Release

Affected version:

Not affected version:

Description:

Massting is an AJAX chat service site with a cross-site scripting vulnerability.

An end user can run arbitrary JavaScript code through the message input form.

Proof of Concept code:

<img src="javascript:alert(String.fromCharCode(88,83,83,32,53580,49828,53944))">

Proof of Concept example:

None

Proof of Concept screenshot:

None

-

The Bird of Hermes is my name,

Eating my wings to make me tame.
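
Added example, not part of the original advisory and not Massting's code: a chat-message renderer shown in the vulnerable form and in the output-encoded form, exercised with the advisory's proof-of-concept string. All function names are hypothetical, and the assumption is that messages are inserted into an HTML list item.

```javascript
// Hypothetical renderer for illustration; the advisory does not show Massting's code.
// Proof-of-concept string from the advisory, used only as test input.
const POC = '<img src="javascript:alert(String.fromCharCode(88,83,83,32,53580,49828,53944))">';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: user-controlled text is concatenated into markup unchanged.
function renderMessageUnsafe(nick, text) {
  return '<li><b>' + nick + '</b>: ' + text + '</li>';
}

// Hardened pattern: both user-controlled fields are encoded at output time.
function renderMessageSafe(nick, text) {
  return '<li><b>' + escapeHtml(nick) + '</b>: ' + escapeHtml(text) + '</li>';
}

// Regression check: the template itself contributes exactly four tags
// (<li>, <b>, </b>, </li>); any extra tag came from user input.
function hasOnlyTemplateTags(html) {
  const tags = html.match(/<[a-zA-Z\/!]/g) || [];
  return tags.length === 4;
}

console.log(renderMessageSafe('guest', POC));
```

The same encoding has to be applied wherever the message is written into the page, including the code path that appends messages received over the AJAX polling channel.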
