Computer Security

Security Advisory: XMB "U2U Instant Messenger" Cross-Site Scripting
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Maxtricity Tagger Password Disclosure Vulnerability

  ZixForum <= 1.14 (Zixforum.
mdb) Remote Password Disclosure Vulnerability

  [Full-disclosure] [OPENADS-SA-2007-
001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed

  Toxiclab Shoutbox Password Disclosure Vulnerability

From:Advisory_(at)_Aria-Security.net <Advisory_(at)_Aria-Security.net>
Date:24.01.2007
Subject:XMB "U2U Instant Messenger" Cross-Site Scripting

#Aria-Security Team
#http://Aria-Security.com
#Contact: Advisory@aria-security.com
#Type:Remote Cross-Site Scripting
#Article on XSS: http://aria-security.net/xss.rar
#Discovered By Aria-Security Team
#Software: XMB U2u Instant Messenger
#
#Explanation:
First of all user must be REGISTERED
- Go to http://target/xmbpath/memcp.php  ---> U2U Instant Messenger
- Inster your xss code for the recipient
- Press Preview


Original Advisory
http://aria-security.com/forum/showthread.php?p=129

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server