eBuddyWeb Messenger(0day) XSS Vulnerabilities [by Dreamclown]

# Exploit Title: eBuddyWeb Messenger(0day) XSS Vulnerabilities
# Google Dork: N/A
# Date: 30.11.2010
# Author: Dreamclown
# Software Link: N/A
# Version: N/A
# Tested on: Windows XP SP3
# CVE : N/A

===========================================================
-----------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------
------DDDDDDDDDDDDDDDDDDDDD-----------CCCCCCCCCCCCCCCCC-------------------
-----DDDDD---------------------------DDD-------CCCC-------------------------------------------
-----DDDDD---------------------------DDD-------CCCC-------------------------------------------
-----DDDDD---------------------------DDD-------CCCC-------------------------------------------
-----DDDDD---------------------------DDD-------CCCC-------------------------------------------
-----DDDDD---------------------------DDD-------CCCC-------------------------------------------
-----DDDDD---------------------------DDD-------CCCC-------------------------------------------
-----DDDDD---------------------------DDD-------CCCC-------------------------------------------
-----DDDDD---------------------------DDD-------CCCC-------------------------------------------
-----DDDDD---------------------------DDD-------CCCC-------------------------------------------
------DDDDDDDDDDDDDDDDDDDDD-----------CCCCCCCCCCCCCCCCC------------------
-----------------------------------------------------------------------------------------------------
-----------------------My Personal Blogger:http://dreamclownsoft.blogspot.com---------
-----------------------------------------------------------------------------------------------------
===========================================================

#Exploit:

-http://web.ebuddy.com

#How to Exploit:

-When your friend is logged in to eBuddy and you are logged in to MSN Messenger, Yahoo Messenger... to chat with that friend,
send HTML code to them and it will run, but the HTML code must be URL-encoded first

#Example:

html code:
-

URLEncode:
%3Cscript%3Ealert%28%27Your%20Computer%20Has%20been%20hacked%27%3C%2fscript%3E

-and then your friend will see the message box produced by your HTML code

===========================================================
#GreetZ: Pe3z,Edkung,Os555,ICheer_No0m,Exploit-db.com,Thaishadow.com,Laozaa.com
===========================================================
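
The report does not say how the web client processes incoming messages. The following is an added example, not the author's code and not eBuddy's: the function names and the escape-before-decode ordering are assumptions. It shows why an HTML filter applied before URL-decoding lets the encoded string through, and the decode-then-escape order that renders it as inert text.

```javascript
// Added example. Function names are hypothetical; this is not eBuddy's code.
// Sample input: the URL-encoded string from the report above.
const SAMPLE = '%3Cscript%3Ealert%28%27Your%20Computer%20Has%20been%20hacked%27%3C%2fscript%3E';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Percent-decode once; a malformed escape such as "%zz" is kept as literal text.
function decodeMessage(raw) {
  try {
    return decodeURIComponent(raw);
  } catch (err) {
    return raw;
  }
}

function wrap(senderHtml, bodyHtml) {
  return '<div class="msg"><b>' + senderHtml + '</b>: ' + bodyHtml + '</div>';
}

// Weak ordering (assumed): escape the raw wire text, then decode it.
// "%3C" contains nothing to escape, so the decoded "<" reaches the page intact.
function renderEscapeThenDecode(sender, raw) {
  return wrap(escapeHtml(sender), decodeMessage(escapeHtml(raw)));
}

// Corrected ordering: decode first, escape last, immediately before output.
function renderDecodeThenEscape(sender, raw) {
  return wrap(escapeHtml(sender), escapeHtml(decodeMessage(raw)));
}

// Logging/detection aid: true when the decoded message carries an HTML tag.
function containsMarkup(raw) {
  return /<\/?[a-z][^>]*>/i.test(decodeMessage(raw));
}

console.log(renderEscapeThenDecode('friend', SAMPLE));
console.log(renderDecodeThenEscape('friend', SAMPLE));
console.log(containsMarkup(SAMPLE), containsMarkup('hello%20world'));
```

In a browser client the same effect comes from assigning the decoded message to `textContent` instead of `innerHTML`.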

This is the report that I sent to exploit-db, but it has not been made public yet. As for the attack method, I have recorded it as a video.


1 comment:

  1. I suggest fixing the video size; it is hard to watch ^^'
    Making it a little smaller would be better, for people who have small screens.
