Photobucket XSS Vulnerability

Discussion in 'Ethical hacking' started by fourthdimension, Apr 27, 2009.

  1. fourthdimension

    Site: http://photobucket.com

    Vulnerability type: XSS injection

    Critical rating: 6/10. Known injection vulnerabilities are not
    source altering, so the user must click on a specially crafted
    link to be exploited. Vulnerabilities can be exploited to steal
    session cookies, among other things.

    Admin notification: 4/26/09

    Admin response: 4/26/09

    Fix: pending

    Proof of concept:


    http://photobucket.com/images/illustration/?ref=homepagequad8"><script>alert("xploit")</script>


    Credits: fourthdimension

    fourthdimension@techmafias.com
     
    Last edited by a moderator: Apr 28, 2009
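
The reflected injection reported above, shown from the fixing side. This is an added example, not part of the original post and not Photobucket's code: the hidden-input markup, the function names and the `REF_PATTERN` allow-list are assumptions made for illustration. It renders the `ref` value from the proof-of-concept URL three ways: raw, output-encoded, and allow-listed plus encoded.

```javascript
// Added example; the markup, function names and REF_PATTERN are assumptions.
// Constructed sample input: the proof-of-concept URL quoted in the post.
const POC_URL =
  'http://photobucket.com/images/illustration/?ref=homepagequad8"><script>alert("xploit")</script>';

// Read `ref` the way a server framework would: parse, then percent-decode.
function getRef(url) {
  return new URL(url).searchParams.get('ref') || '';
}

// Before: the value is concatenated into a double-quoted attribute, so a
// `">` in the input closes the attribute and the tag.
function renderVulnerable(ref) {
  return '<input type="hidden" name="ref" value="' + ref + '">';
}

// Output encoding for HTML text and quoted-attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// After, layer 1: encode at the point of output.
function renderEscaped(ref) {
  return '<input type="hidden" name="ref" value="' + escapeHtml(ref) + '">';
}

// After, layer 2: a referrer tag is a short token, so reject anything else
// before it reaches the template (and still encode what is accepted).
const REF_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;
function renderHardened(ref) {
  return renderEscaped(REF_PATTERN.test(ref) ? ref : '');
}

// True when the rendered markup contains an element the template did not emit.
function hasInjectedTag(html) {
  return (html.match(/<[a-z]/gi) || []).length > 1;
}

const ref = getRef(POC_URL);
for (const render of [renderVulnerable, renderEscaped, renderHardened]) {
  const html = render(ref);
  console.log(render.name.padEnd(16), hasInjectedTag(html) ? 'INJECTED' : 'inert   ', html);
}
```

Encoding alone already keeps the payload inside the attribute value; the allow-list additionally stops the unexpected value from being stored or logged as a referrer tag.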
