Site menu
Login form
Our poll
Rate my site
Результаты | Архив опросов
Всего ответов: 8
Site friends
  • Create a free website
    • Statistics
    Онлайн всего: 11
    Гостей: 11
    Пользователей: 0
    Main » 2011 » Март » 16 » Safety icq xss vulnerability on icq com
    12:12
    Safety icq xss vulnerability on icq com


    A few days ago on the site icq.com was found two xss vulnerabilities, notably, both of them active.

    One of the vulnerabilities had already closed the place in their profiles, in the "About Me" your room. Directly from the ICQ client you can write your JS-code, which, respectively, on the page is successfully executed (http://www.icq.com/user_profile/% Vash_nomer% /). Now vulnerability is closed, at what disabling this service, you now have any number issued to 404, but it works the old form of profiles (http://www.icq.com/people/about_me.php?uin =% Vash_nomer%).


    The second vulnerability was present in the blogging service (http://blogs.icq.com/blogs/), than when it is not filtered the message body.

    However, the stolen cookies are not allowed either to change the password or enter the site, since apparently had to bind to IP-address. It would seem that in this case the XSS vulnerability is absolutely useless, but it was not there. In fact, on icq.com there is another type of vulnerability, less used, but no less dangerous, it's CSRF vulnerability. The essence of uyazmiosti was ustnovke secret questions / answers to a number, it is possible to make a direct link:

    https: / / www.icq.com/password/setqa_tx.php?qtype=user&qa1=custom&userq =% Q% & answer1 =% Response% & submit = Submit & zqq =

    In svzyake with XSS vulnerability issues can install virtually any user icq.com

    The vulnerability found in the online user known by the nickname 00090009.
    Source, 2
    Views: 1904 | Added by: w1zard | Rating: 0.0/0
    Total comments: 10
    10 Addirtysist  
    0
    188857 http://clomidtopreview.net/#365362 how long buy clomid http://clomidtopreview.net/#272172 - clomid top review ordering clomid online

    9 RatElastegola  
    0
    972816 http://tenpaydayloans.co.uk/#991578 payday lending wiki 464902 http://tadalafilall.net/#869547 tadalafil generic 674114 http://clomidtopreview.net/#205994 x26 iui clomid online

    8 Addirtysist  
    0
    738891 http://clomidtopreview.net/#23288 buy clomid and nolvadex post cycle therapy http://clomidtopreview.net/#258651 - clomid order clomid cheap

    7 RatElastegola  
    0
    450497 http://tadalafilall.net/#71796 tadalafilall.net

    6 DolaFadySeady  
    0
    913236 http://toppaydayloans.ca/#890448 payday loan bill

    5 DolaFadySeady  
    0
    160771 http://toppaydayloans.ca/#89202 payday loan ottawa

    4 coedeerce  
    0
    102514 http://nolvadexrxpharm.net/#499602 buy nolvadex no prescription anabolic steroids http://nolvadexrxpharm.net/#592044 - nolvadexrxpharm.net paypal buy nolvadex

    3 heiblyphypE  
    0
    e29x http://aviagrafrance.net/#oi96 prix viagra en fr http://aviagrafrance.net/#ox29 - acheter viagra sans ordonnance achat viagra france pas

    2 wewToreerycle  
    0
    ow66 http://kamagrapharm.co.uk/#uq36 kamagra chewable tablets http://kamagrapharm.co.uk/#ng69 - kamagra online jelly for women kamagra pills

    1 qltqwarzy  
    0
    http://www.tekila-et-ses-amis.net/ 78774472889 http://www.hd-digitalsat.com/ 85832239034 http://www.isabelmarantsneakerspascher.info/
    Hello. And Bye.

    Имя *:
    Email *:
    Код *: