API Security Testing for Dummies [Free eBook]
Persistent XSS vulnerability in eBuddy Web Messenger
A team member from Virtual Luminous Security, Russian Federation, has discovered a persistent XSS vulnerability in eBuddy (the biggest web IM solution in the world) by transmitting messages with embedded encoded javascript code.
In-depth detail
eBuddy Web Messenger suffers from an encoded-Persistent XSS vulnerability in the messaging function. (while sendingA message with embedded code to another authorized user in eBuddy WebMessenger).
Exploit exampleA team member from Virtual Luminous Security, Russian Federation, has discovered a persistent XSS vulnerability in eBuddy (the biggest web IM solution in the world) by transmitting messages with embedded encoded javascript code.
In-depth detail
eBuddy Web Messenger suffers from an encoded-Persistent XSS vulnerability in the messaging function. (while sendingA message with embedded code to another authorized user in eBuddy WebMessenger).
Plain XSS (Not going to store, nor execute)
<script>alert('eBuddy Persistent XSS');</script>
Encoded
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
[*] The attacker sends the encoded embedded code in an IM message.
[*] The victim receives the message with the encoded embedded code and it executes on the victims browser.
➤ Read Latest Stories
Check Out These Free Cybersecurity Resources
Securely Integrate Open Source Into Your Software Supply Chain
Earn a Master's in Cybersecurity Risk Management
Exclusive Cybersecurity Deals
🔥 Learn Professional Hacking
10 courses + 1,236 lessons on latest techniques, forensics, malware analysis, network security and programming.
➤ Access Online Training Courses
🔥 Cybersecurity Certification Training
Get 1-year access to 108 hours of instruction on globally-recognized CISA, CISM, CISSP, PMI-RMP, and COBIT 5 certifications.
➤ Access Online Training Courses
📰 News Stories from 02 Sep, 2011