Title:

[Kil13r-SA-20060701-3] Massting Cross-Site Scripting Vulnerability


Author:

Kil13r - http://www.kil13r.info/


Local / Remote:

Remote


Timeline:

2006/06/30 - Discovery

2006/06/30 - Vendor notification

2006/06/30 - Vendor response

2006/06/30 - Vendor fix

2006/07/01 - Release


Affected version:


Not affected version:


Description:

Massting is an AJAX chat service site that has a cross-site scripting vulnerability.

An end user can run arbitrary JavaScript code by entering it in the message input form.


Proof of Concept code:

<img src="javascript:alert(String.fromCharCode(88,83,83,32,53580,49828,53944))">
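A defensive sketch for the issue above (an added example, not Massting's code or the vendor's fix): chat text is HTML-escaped before it is rendered, and an image URL is accepted only when its scheme is http or https. The function names and the message shape `{ text, imageUrl }` are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not taken from Massting.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// The advisory's proof-of-concept string, used here as sample input.
const POC =
  '<img src="javascript:alert(String.fromCharCode(88,83,83,32,53580,49828,53944))">';

// Encode the five characters that can change HTML parsing context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Return a normalized URL only for allowlisted schemes, otherwise null.
// The URL parser lowercases the scheme and drops embedded tabs/newlines,
// so "JaVaScRiPt:" and "java\tscript:" are both seen as "javascript:".
function safeImageUrl(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return null; // relative or malformed input is rejected
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Build the markup for one chat message. User text never reaches the
// page unescaped; the <img> tag is generated by the server, not the user.
function renderMessage(msg) {
  let html = `<p class="msg">${escapeHtml(msg.text)}</p>`;
  const img = msg.imageUrl ? safeImageUrl(msg.imageUrl) : null;
  if (img) html += `<img src="${escapeHtml(img)}" alt="">`;
  return html;
}

// The PoC sent as message text is displayed as literal characters.
console.log(renderMessage({ text: POC }));
// The same scheme supplied as an image URL is dropped.
console.log(renderMessage({ text: "hi", imageUrl: "javascript:alert(1)" }));
```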


Proof of Concept example:

None


Proof of Concept screenshot:

None


-

The Bird of Hermes is my name,

Eating my wings to make me tame.
