eBuddy Web Messenger Cross Site Scripting

eBuddy Web Messenger Cross Site Scripting: Posted Sep 1, 2011; Authored by Russian Federation; eBuddy Web Messenger suffers from a cross site scripting vulnerability.; tags | exploit, web, xss; SHA-256 | 77b4fe175a400f550ca56f490b3da9cd7a692adb0823cd175fed9a0e611b28bb; Download | Favorite | View

eBuddy Web Messenger Cross Site Scripting

           ################################################################################
           ###########       \ \   / /(_) _ __ | |_  _   _   __ _ | |       ###############
           ###########        \ \ / / | || '__|| __|| | | | / _` || |       ###############
           ###########         \ V /  | || |   | |_ | |_| || (_| || |       ###############
           ###########          \_/   |_||_|    \__| \__,_| \__,_||_|       ###############
           ###########                                                      ###############
           ########### _                       _                            ###############
           ###########| |    _   _  _ __ ___  (_) _ __    ___   _   _  ___  ###############
           ###########| |   | | | || '_ ` _ \ | || '_ \  / _ \ | | | |/ __| ###############
           ###########| |___| |_| || | | | | || || | | || (_) || |_| |\__ \ ###############
           ###########|_____|\__,_||_| |_| |_||_||_| |_| \___/  \__,_||___/ ###############
           ################################################################################
                    warv0x, krypt0n, Russian Fedration, sol@ris(s0lar), yoadee
     
 
 
P.S: Shoutout to Xpired.
 
   
Author: Russian Fedration
Date:   31.08.2011
Version: Works with latest eBuddy Web Messenger. (as of September 2011)
Vulnerability: Persistent XSS
In-depth detail: eBuddy Web Messenger suffers from an encoded-      
 
Persistent XSS vulnerability in the messaging function. (while sending    
 
A message with embedded code to another authorized user in eBuddy Web    
 
Messenger)
       
 
     
Exploit example:
 
Plain XSS (Not going to store, nor execute)
 
<script>alert('eBuddy Persistent XSS');</script>
 
 
 
Encoded
 
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
 
Images:



[*] The attacker sends the encoded embedded code in an IM message. (Image 1)

Image 1;
http://i.minus.com/iLkBc67tzK5N.png
 
 
[*] The victim receives the message with the encoded embedded code and it executes on the victims browser.(Image 2)

Image 2;
http://img594.imageshack.us/img594/6485/ebuddy.png 



###########################################################################################################

Note:
 
We're not going to show examples of malicious use to avoid the usage of  
 
fame hungry kidiots. If you're creative, the universe is the limit. :)

###############################################################################################################

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

eBuddy Web Messenger Cross Site Scripting

eBuddy Web Messenger Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

eBuddy Web Messenger Cross Site Scripting

Share This

eBuddy Web Messenger Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems