
Photobucket XSS Vulnerability

Discussion in 'Ethical hacking' started by fourthdimension, Apr 27, 2009.

  1. fourthdimension

    Site: http://photobucket.com

    Vulnerability type: XSS injection

    Critical rating: 6/10. Known injection vulnerabilities are not
    source altering, so the user must click on a specially crafted
    link to be exploited. Vulnerabilities can be exploited to steal
    session cookies, among other things.

    Admin notification: 4/26/09

    Admin response: 4/26/09

    Fix: pending

    Proof of concept:


    http://photobucket.com/images/illustration/?ref=homepagequad8"><script>alert("xploit")</script>


    Credits: fourthdimension

    fourthdimension@techmafias.com
     
    Last edited by a moderator: Apr 28, 2009
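
The proof-of-concept string starts with `">`, which closes a double-quoted attribute before the script tag begins. The sketch below is an added example, not part of the original post and not Photobucket's code: it shows the unencoded reflection next to an allow-listed, attribute-encoded version. The function names, the hidden-input sink and the expected shape of `ref` are assumptions.

```javascript
// Added example. Function names are hypothetical; this is not Photobucket's code.
// Assumption: `ref` is reflected into a double-quoted attribute value,
// which is what the `">` at the start of the injected string implies.

const ATTR_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that can close an attribute value or open a tag.
function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ATTR_ESCAPES[ch]);
}

// Pull `ref` out of a request URL the way a server-side framework would
// hand it to the page: already percent-decoded.
function refFromUrl(requestUrl) {
  return new URL(requestUrl).searchParams.get('ref') || '';
}

// Allow-list for what a referral tag is expected to look like (assumed shape).
function isValidRef(ref) {
  return /^[A-Za-z0-9_-]{1,64}$/.test(ref);
}

// "Before": the decoded parameter is concatenated into markup unchanged.
function renderVulnerable(ref) {
  return `<input type="hidden" name="ref" value="${ref}">`;
}

// "After": reject unexpected values, and encode for the attribute context
// anyway so the sink stays safe if the allow-list is ever loosened.
function renderHardened(ref) {
  const safeRef = isValidRef(ref) ? ref : '';
  return `<input type="hidden" name="ref" value="${escapeHtmlAttr(safeRef)}">`;
}

// The URL from the post's proof of concept, used as test input.
const POC_URL = 'http://photobucket.com/images/illustration/?ref=homepagequad8"><script>alert("xploit")</script>';
const ref = refFromUrl(POC_URL);
console.log(renderVulnerable(ref)); // attribute closed early, script tag in markup
console.log(renderHardened(ref));   // value rejected by the allow-list
console.log(escapeHtmlAttr(ref));   // same input as inert attribute text
```
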
