eBuddy Official Website vulnerable to Cross-site scripting

A security analyst known as Fabián Cuchietti discovered a cross-site scripting (XSS) vulnerability in the official website of eBuddy.

eBuddy Web Messenger is a web-based instant messaging service that allows users to chat online with friends on MSN, Yahoo, AIM, ICQ, GTalk, Facebook and MySpace IM.

The email unsubscribe page of the eBuddy website was found to be vulnerable to an XSS attack: the email address field is the vulnerable input.


PoC:
http://www.ebuddy.com/unsubscribe.php?email=%22%20onmouseover%3Dprompt%28961107%29%20bad%3D%22&submit=Unsubscribe
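
The following is an added example, not code from the original post or from eBuddy. It decodes the email parameter of the PoC above, shows why echoing it unescaped into a quoted value attribute adds an event-handler attribute to the element, and shows that attribute-context escaping plus an email shape check prevent that. It assumes the page reflected the parameter into an input element's value attribute (the post does not show the server code); all function names are hypothetical.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# PoC URL exactly as published in the post.
POC_URL = ("http://www.ebuddy.com/unsubscribe.php?email=%22%20onmouseover"
           "%3Dprompt%28961107%29%20bad%3D%22&submit=Unsubscribe")

def email_param(url):
    """Return the URL-decoded 'email' query parameter."""
    return parse_qs(urlsplit(url).query)["email"][0]

def render_unsafe(email):
    # Assumed vulnerable pattern: raw value placed inside a quoted attribute.
    return '<input type="text" name="email" value="%s">' % email

def render_safe(email):
    # Attribute-context output encoding: escapes & < > " and '.
    return ('<input type="text" name="email" value="%s">'
            % html.escape(email, quote=True))

class AttrCollector(HTMLParser):
    """Records the attributes of the last <input> start tag seen."""
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)

def input_attrs(markup):
    """Parse the markup and return the <input> element's attributes."""
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs

# Deliberately strict shape check (an assumption, not full RFC 5322):
# quotes, spaces and '=' can never appear in an accepted address.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def is_plausible_email(value):
    return EMAIL_RE.fullmatch(value) is not None

if __name__ == "__main__":
    value = email_param(POC_URL)
    print("decoded parameter:", repr(value))
    print("unsafe attributes:", sorted(input_attrs(render_unsafe(value))))
    print("safe attributes:  ", sorted(input_attrs(render_safe(value))))
    print("passes email check:", is_plausible_email(value))
```

Escaping at output is the fix for the reflection itself; the shape check is a second layer that rejects the value before it is ever rendered.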