===========================================
Digsby Persistent Xss and DOS Vulnerability
===========================================
Name : Digsby Xss and DOS Vulnerability
Date : Nov,20 2010
Vendor Url :http://www.digsby.com/
Critical: LESS 
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
Big hugs : Th3 RDX,Hanan_butt,
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr
		    tranquiller
Msg to all : V r not dead !!! we will be back soon!!
             Let the kids play when their dads out ;)
greetz to :!Op3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
About Digsby:
    digsby is a multiprotocol IM client that lets you chat with all your friends on AIM, MSN, 
    Yahoo, ICQ, Google Talk, and Jabber with one simple to manage buddy list.

###############################################################################################################
Description:

Digsby maintains the chat logs(html format) in a particular folder named "Digsby Logs".
Navigate to your profile log and edit any of the chat log and insert a xss script and save the log.

For example : <script>alert("D0Nt be so happy!!W3 are coming soon")</script> 

example : C:\Documents and Settings\leet\My Documents\Digsby Logs\your_digsby_username\yahoo\Your_email\your_friend's_chatlog

Now Login to digsby and select Tools-->Chat History-->Select the profile and open the particular chat log which has been
edited and you must be getting the javascript alert which ultimately crashes the application.

###############################################################################################################
Screenshots: 
http://img404.imageshack.us/img404/9320/digsxss.jpg (Persistent xss)

http://img225.imageshack.us/img225/9407/digsbydosed.jpg (Application crashed)

###############################################################################################################
Fix: 
   N/a
###############################################################################################################
# 0day no more
# Sid3^effects