Digsby suffers from persistent cross site scripting and denial of service vulnerabilities.
9976ca88d81e424b3c19d7b806701202===========================================
Digsby Persistent Xss and DOS Vulnerability
===========================================
Name : Digsby Xss and DOS Vulnerability
Date : Nov,20 2010
Vendor Url :http://www.digsby.com/
Critical: LESS
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
Big hugs : Th3 RDX,Hanan_butt,
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr
tranquiller
Msg to all : V r not dead !!! we will be back soon!!
Let the kids play when their dads out ;)
greetz to :!Op3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
About Digsby:
digsby is a multiprotocol IM client that lets you chat with all your friends on AIM, MSN,
Yahoo, ICQ, Google Talk, and Jabber with one simple to manage buddy list.
###############################################################################################################
Description:
Digsby maintains the chat logs(html format) in a particular folder named "Digsby Logs".
Navigate to your profile log and edit any of the chat log and insert a xss script and save the log.
For example : <script>alert("D0Nt be so happy!!W3 are coming soon")</script>
example : C:\Documents and Settings\leet\My Documents\Digsby Logs\your_digsby_username\yahoo\Your_email\your_friend's_chatlog
Now Login to digsby and select Tools-->Chat History-->Select the profile and open the particular chat log which has been
edited and you must be getting the javascript alert which ultimately crashes the application.
###############################################################################################################
Screenshots:
http://img404.imageshack.us/img404/9320/digsxss.jpg (Persistent xss)
http://img225.imageshack.us/img225/9407/digsbydosed.jpg (Application crashed)
###############################################################################################################
Fix:
N/a
###############################################################################################################
# 0day no more
# Sid3^effects
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed