
Photobucket XSS Vulnerability

Discussion in 'Ethical hacking' started by fourthdimension, Apr 27, 2009.

    Site: http://photobucket.com

    Vulnerability type: XSS injection

    Critical rating: 6/10. Known injection vulnerabilities are not
    source altering, so the user must click on a specially crafted
    link to be exploited. Vulnerabilities can be exploited to steal
    session cookies, among other things.

    Admin notification: 4/26/09

    Admin response: 4/26/09

    Fix: pending

    Proof of concept:


    http://photobucket.com/images/illustration/?ref=homepagequad8"><script>alert("xploit")</script>


    Credits: fourthdimension

    fourthdimension@techmafias.com
     
    Last edited by a moderator: Apr 28, 2009
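
Added example, not part of the original post and not Photobucket's code: it assumes the `ref` query parameter is reflected into a double-quoted HTML attribute, which is what the `">` at the start of the injected part of the proof-of-concept link suggests, and shows that sink beside a hardened version. All function names, the link markup, the token pattern and the cookie name are hypothetical.

```javascript
// Value of the `ref` parameter taken from the proof-of-concept link in the post.
const POC_REF = 'homepagequad8"><script>alert("xploit")</script>';

// Vulnerable pattern (assumed): the parameter is concatenated into a
// double-quoted attribute, so `"` ends the attribute and `>` ends the tag.
function renderUnsafe(ref) {
  return '<a href="/images/illustration/?ref=' + ref + '">more</a>';
}

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened sink: allowlist the expected token shape (assumed: short
// alphanumeric tracking id), then encode for the URL and for the attribute.
function renderSafe(ref) {
  const token = /^[A-Za-z0-9_-]{1,64}$/.test(String(ref)) ? String(ref) : '';
  const href = '/images/illustration/?ref=' + encodeURIComponent(token);
  return '<a href="' + escapeHtml(href) + '">more</a>';
}

// Defence in depth for the cookie theft the post mentions: an HttpOnly
// session cookie cannot be read from document.cookie by injected script.
function sessionCookieHeader(sessionId) {
  return 'Set-Cookie: session=' + encodeURIComponent(sessionId) +
         '; HttpOnly; Secure; SameSite=Lax; Path=/';
}

// True when the rendered markup contains a live <script> element start.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe :', renderUnsafe(POC_REF));
console.log('safe   :', renderSafe(POC_REF));
console.log('encoded:', escapeHtml(POC_REF));
console.log(sessionCookieHeader('constructed-sample-id'));
```
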
