Digsby suffers from persistent cross-site scripting and denial-of-service vulnerabilities.
===========================================
Digsby Persistent Xss and DOS Vulnerability
===========================================
Name : Digsby Xss and DOS Vulnerability
Date : Nov,20 2010
Vendor Url : http://www.digsby.com/
Critical: LESS
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
Big hugs : Th3 RDX,Hanan_butt,
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr
tranquiller
Msg to all : V r not dead !!! we will be back soon!!
Let the kids play when their dads out ;)
greetz to :!Op3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
About Digsby:
digsby is a multiprotocol IM client that lets you chat with all your friends on AIM, MSN,
Yahoo, ICQ, Google Talk, and Jabber with one simple to manage buddy list.
###############################################################################################################
Description:
Digsby stores its chat logs in HTML format in a folder named "Digsby Logs".
Navigate to your profile's logs, edit any chat log, insert an XSS script, and save the log.
For example : <script>alert("D0Nt be so happy!!W3 are coming soon")</script>
Example path : C:\Documents and Settings\leet\My Documents\Digsby Logs\your_digsby_username\yahoo\Your_email\your_friend's_chatlog
Now log in to Digsby, select Tools-->Chat History, select the profile, and open the chat log that was
edited. You should get the JavaScript alert, which ultimately crashes the application.
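
A defensive check for the condition described above, as an added example that is not part of the original advisory: it parses HTML chat logs and reports script-capable markup, so an edited log can be found before it is opened in Chat History. The `.html` file pattern, the function names and the sample markup are assumptions, not Digsby's own format or code.

```python
from html.parser import HTMLParser
from pathlib import Path

# Markup that can run or load active content when a log is rendered.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}


class ActiveContentFinder(HTMLParser):
    """Collect (line, reason) pairs for markup that can execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, f"{name} event handler"))
            elif (value or "").strip().lower().startswith("javascript:"):
                self.findings.append((line, f"javascript: URL in {name}"))


def scan_log_text(text):
    """Return the findings for one log's HTML text."""
    finder = ActiveContentFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


def scan_log_dir(root, pattern="*.html"):
    """Scan logs under root; return {path: findings} for files with hits."""
    hits = {}
    for path in Path(root).rglob(pattern):
        found = scan_log_text(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            hits[str(path)] = found
    return hits


# Constructed sample (not Digsby's real log markup): line 2 carries a script.
SAMPLE_LOG = (
    '<div class="message">friend: hello</div>\n'
    '<div class="message"><script>alert("x")</script></div>\n'
)
print(scan_log_text(SAMPLE_LOG))
```

Point `scan_log_dir` at the "Digsby Logs" folder; any file it returns contains markup a plain chat transcript has no reason to carry.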
###############################################################################################################
Screenshots:
http://img404.imageshack.us/img404/9320/digsxss.jpg (Persistent xss)
http://img225.imageshack.us/img225/9407/digsbydosed.jpg (Application crashed)
###############################################################################################################
Fix:
N/a
###############################################################################################################
# 0day no more
# Sid3^effects