-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathnullsec-icq.txt
108 lines (62 loc) · 2.04 KB
/
nullsec-icq.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
===============================================================================
| |
____ _ __
___ __ __/ / /__ ___ ______ ______(_) /___ __
/ _ \/ // / / (_-</ -_) __/ // / __/ / __/ // /
/_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, /
/___/ team
PUBLIC SECURITY ADVISORY
| |
===============================================================================
TITLE
=====
ICQ - Persistent Cross Site Scripting Vulnerability
AUTHOR
======
noptrix
DATE
====
07-26-2011
VENDOR
======
ICQ - http://www.icq.com/
AFFECTED PRODUCT
================
ICQ Client in version <= 7.5
AFFECTED PLATFORMS
==================
Windows XP, Vista, 7
VULNERABILITY CLASS
===================
Cross Site Scripting
DESCRIPTION
===========
ICQ suffers from a persistent Cross-Site Scripting vulnerability due to a lack
of input validation and output sanitization of the profile entries.
PROOF OF CONCEPT
================
The following Javascript payload can be used as profile entries to trigger
the described vulnerability:
--- SNIP ---
"><iframe src=z onload=alert('xss_p0wer_lol') <
--- SNIP ---
For a PoC demonstration see:
[+] http://www.nullsecurity.net/tmp/icq_cli_xss.png
[+] http://www.nullsecurity.net/tmp/icq_cli_xss2.png
IMPACT
======
An attacker could trivially hijack session IDs of remote users and leverage the
vulnerability to increase the attack vector to the underlying software and
operating system of the victim.
THREAT LEVEL
============
High
STATUS
======
Fixed.
DISCLAIMER
==========
nullsecurity.net hereby emphasize, that the information which is published here are
for education purposes only. nullsecurity.net does not take any responsibility for
any abuse or misusage!
Copyright (c) 2011 - nullsecurity.net