Exploit Gadu-Gadu 6.0 - URL Parser JavaScript Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
25009
Проверка EDB
  1. Пройдено
Автор
JAROSLAW SAJKO
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2004-1410
Дата публикации
2004-12-17
Код:
source: https://www.securityfocus.com/bid/11998/info

Multiple remote vulnerabilities reportedly affect Gadu-Gadu instant messenger. It supports the DCC (Direct Client Connection) protocol, facilitating the transfer of files and messages between users.

The input validation issue is an HTML injection vulnerability in the instant messaging system. It is worth noting that this issue, although not exactly the same, resembles closely the HTML injection issue outlined in BID 11899 (Gadu-Gadu Multiple Remote Vulnerabilities). The denial of service vulnerability is due to a bug in the image handling code of the affected application.

An attacker may leverage these issues to carry out HTML injection attacks, potentially stealing sensitive information, and to carry out denial of service attacks, denying legitimate users of access to the affected software. 

www.po"style=background-image:url(javascript:document.write('%3cscript%3ealert%28%22you%20are%20owned!%22%29%3c%2fscript%3e'));".pl
 
Источник
www.exploit-db.com

Похожие темы