Bugtraq: XMB "U2U Instant Messenger" Cross-Site Scripting

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

XMB "U2U Instant Messenger" Cross-Site Scripting

From: Advisory () aria-security net
Date: 20 Jan 2007 22:09:27 -0000

#Aria-Security Team
#http://Aria-Security.com
#Contact: Advisory () aria-security com
#Type:Remote Cross-Site Scripting
#Article on XSS: http://aria-security.net/xss.rar
#Discovered By Aria-Security Team
#Software: XMB U2u Instant Messenger
#
#Explanation:
First of all user must be REGISTERED
- Go to http://target/xmbpath/memcp.php  ---> U2U Instant Messenger
- Inster your xss code for the recipient 
- Press Preview


Original Advisory
http://aria-security.com/forum/showthread.php?p=129

By Date By Thread

Current thread:

XMB "U2U Instant Messenger" Cross-Site Scripting Advisory (Jan 22)