Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   Photobucket XSS Vulnerability (http://www.go4expert.com/forums/photobucket-xss-vulnerability-t17175/)

fourthdimension 28Apr2009 00:12

Photobucket XSS Vulnerability
Site: http://photobucket.com

Vulnerability type: XSS injection

Critical rating: 6/10. Known injection vulnerabilities are not
source altering, so the user must click on a specially crafted
link to be exploited. Vulnerabilities can be exploited to steal
session cookies, among other things.

Admin notification: 4/26/09

Admin response: 4/26/09

Fix: pending

Proof of concept:


Credits: fourthdimension


All times are GMT +5.5. The time now is 14:57.