eBuddy Web Messenger Cross Site Scripting

eBuddy Web Messenger Cross Site Scripting: Posted Sep 1, 2011; Authored by Russian Federation; eBuddy Web Messenger suffers from a cross site scripting vulnerability.; tags | exploit, web, xss; SHA-256 | 77b4fe175a400f550ca56f490b3da9cd7a692adb0823cd175fed9a0e611b28bb; Download | Favorite | View

eBuddy Web Messenger Cross Site Scripting

           ################################################################################
           ###########       \ \   / /(_) _ __ | |_  _   _   __ _ | |       ###############
           ###########        \ \ / / | || '__|| __|| | | | / _` || |       ###############
           ###########         \ V /  | || |   | |_ | |_| || (_| || |       ###############
           ###########          \_/   |_||_|    \__| \__,_| \__,_||_|       ###############
           ###########                                                      ###############
           ########### _                       _                            ###############
           ###########| |    _   _  _ __ ___  (_) _ __    ___   _   _  ___  ###############
           ###########| |   | | | || '_ ` _ \ | || '_ \  / _ \ | | | |/ __| ###############
           ###########| |___| |_| || | | | | || || | | || (_) || |_| |\__ \ ###############
           ###########|_____|\__,_||_| |_| |_||_||_| |_| \___/  \__,_||___/ ###############
           ################################################################################
                    warv0x, krypt0n, Russian Fedration, sol@ris(s0lar), yoadee
     
 
 
P.S: Shoutout to Xpired.
 
   
Author: Russian Fedration
Date:   31.08.2011
Version: Works with latest eBuddy Web Messenger. (as of September 2011)
Vulnerability: Persistent XSS
In-depth detail: eBuddy Web Messenger suffers from an encoded-      
 
Persistent XSS vulnerability in the messaging function. (while sending    
 
A message with embedded code to another authorized user in eBuddy Web    
 
Messenger)
       
 
     
Exploit example:
 
Plain XSS (Not going to store, nor execute)
 
<script>alert('eBuddy Persistent XSS');</script>
 
 
 
Encoded
 
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
 
Images:



[*] The attacker sends the encoded embedded code in an IM message. (Image 1)

Image 1;
http://i.minus.com/iLkBc67tzK5N.png
 
 
[*] The victim receives the message with the encoded embedded code and it executes on the victims browser.(Image 2)

Image 2;
http://img594.imageshack.us/img594/6485/ebuddy.png 



###########################################################################################################

Note:
 
We're not going to show examples of malicious use to avoid the usage of  
 
fame hungry kidiots. If you're creative, the universe is the limit. :)

###############################################################################################################

Top Authors In Last 30 Days

Red Hat 213 files
Ubuntu 90 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Amit Roy 4 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

eBuddy Web Messenger Cross Site Scripting

eBuddy Web Messenger Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

eBuddy Web Messenger Cross Site Scripting

Share This

eBuddy Web Messenger Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems