Site: http://photobucket.com
Vulnerability type: XSS injection
Critical rating: 6/10. The known injection points do not alter the
page source, so a user must click a specially crafted link to be
exploited. The vulnerabilities can be exploited to steal session
cookies, among other things.
Admin notification: 4/26/09
Admin response: 4/26/09
Fix: pending
Proof of concept:
http://photobucket.com/images/illustration/?ref=homepagequad8"><script>alert("xploit")</script>
Credits: fourthdimension (fourthdimension@techmafias.com)
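
Mitigation sketch (an added example, not part of the original advisory and not Photobucket's code): handling the `ref` parameter so that the proof-of-concept value above is rendered inert. It assumes the value is echoed into a double-quoted HTML attribute, as the `">` breakout suggests; the template, the function names and the allow-list pattern are hypothetical.

```javascript
// Assumption: `ref` is a short tracking token echoed into a quoted attribute.
const ATTR_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};

// Encode a value for placement inside a quoted HTML attribute.
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ATTR_ESCAPES[ch]);
}

// Return the percent-decoded `ref` value of a request URL ("" if absent).
function refFrom(link) {
  return new URL(link).searchParams.get("ref") ?? "";
}

// Allow-list check (hypothetical pattern): anything that is not a plain
// token is dropped instead of being repaired.
function safeRef(raw) {
  return /^[A-Za-z0-9_-]{1,64}$/.test(raw) ? raw : "";
}

// Before: the raw value is concatenated into the markup, so a `"` ends the
// attribute and whatever follows is parsed as HTML.
function renderVulnerable(link) {
  return `<input type="hidden" name="ref" value="${refFrom(link)}">`;
}

// After: validate first, then encode for the attribute context anyway, so
// a later loosening of the allow-list cannot reopen the hole.
function renderHardened(link) {
  return `<input type="hidden" name="ref" value="${escapeAttr(safeRef(refFrom(link)))}">`;
}

// The link from the "Proof of concept" field, and a benign link for comparison.
const POC_LINK =
  'http://photobucket.com/images/illustration/?ref=homepagequad8"><script>alert("xploit")</script>';
const BENIGN_LINK = "http://photobucket.com/images/illustration/?ref=homepagequad8";

console.log(renderVulnerable(POC_LINK)); // script element reaches the page
console.log(renderHardened(POC_LINK));   // value="" (rejected by the allow-list)
console.log(renderHardened(BENIGN_LINK)); // value="homepagequad8"
```

Marking the session cookie `HttpOnly` additionally keeps it out of reach of page script, which limits the cookie-theft impact noted in the rating if an injection point is missed.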