Friday, September 2

Persistent XSS vulnerability in eBuddy Web Messenger Discovered By Warv0x



A team member from Virtual Luminous Security, Russian Federation, has discovered a persistent XSS vulnerability in eBuddy (the biggest web IM solution in the world). It is triggered by transmitting messages with embedded, encoded JavaScript code.
In-depth detail
eBuddy Web Messenger suffers from an encoded persistent XSS vulnerability in the messaging function, triggered when sending a message with embedded code to another authorized user in eBuddy Web Messenger.

Exploit example
Plain XSS (neither stored nor executed)
<script>alert('eBuddy Persistent XSS');</script>
Encoded
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
[*] The attacker sends the encoded embedded code in an IM message.

[*] The victim receives the message with the encoded embedded code and it executes in the victim's browser.
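
The behaviour described above (the plain payload is rejected, the URL-encoded one is stored and runs) is consistent with a filter that inspects the message before it is decoded. The following is an added example, not eBuddy's code or the researcher's: the function names and the filter-then-decode ordering are assumptions, and it contrasts that ordering with decoding first and escaping on output.

```javascript
// Constructed model of the flaw class; all function names are hypothetical.
// The two sample messages are the strings shown in the post.
const PLAIN = "<script>alert('eBuddy Persistent XSS');</script>";
const ENCODED = "%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E";

// Weak check: looks for a script tag in the message exactly as received.
function naiveFilterAccepts(raw) {
  return !/<\s*script/i.test(raw);
}

// Weak pipeline (assumed ordering): filter, then decode, then render as HTML.
// Returns the string that would be written into the page, or null if dropped.
function weakRender(raw) {
  if (!naiveFilterAccepts(raw)) return null;
  return decodeURIComponent(raw); // markup reappears after the check has run
}

// Output encoding for an HTML text context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pipeline: decode first, then escape at the point of output.
// No blocklist is involved, so the encoding of the input no longer matters.
function safeRender(raw) {
  return escapeHtml(decodeURIComponent(raw));
}

for (const [label, msg] of [["plain", PLAIN], ["encoded", ENCODED]]) {
  console.log(label, "| weak:", weakRender(msg), "| safe:", safeRender(msg));
}
```

In a browser client the equivalent of `escapeHtml` is assigning the decoded message to `textContent` rather than `innerHTML`.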
