EvilOctal Security Team Technical Discussion Group's Archiver

EvilOctal 2005-1-12 02:08

[Repost] WPkontakt Message Parsing Error

Source: [url]www.securiteam.com[/url]

Summary
WPkontakt is "a Polish instant messenger". Due to incorrect filtering done by WPkontakt, a remote attacker can inject arbitrary HTML/JavaScript into the content returned by the server.

Credit:
The information has been provided by Jaroslaw Sajko.

Details
Vulnerable Systems:
* WPKontakt version 3.0.1 and prior

Immune Systems:
* WPKontakt version 3.0.1p1 or newer

An error returned during the parsing of email addresses allows a remote attacker to inject HTML/JavaScript.

Example:
The following email address will trigger the error:
test@"style="background-image:url(javascript:alert(%22You%20are%20owned!%22>))".wp.pl
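
An added example, not part of the original advisory and not WPkontakt's code: it shows how interpolating the address above into markup without escaping creates an extra `style` attribute, next to an escaped and allowlisted rendering. The `mailto:` link template, the function names and the address `jan.kowalski@wp.pl` are assumptions made for illustration; the advisory does not say how the client builds its HTML.

```javascript
// Constructed input: the address quoted in the advisory.
const ADVISORY_ADDRESS =
  'test@"style="background-image:url(javascript:alert(%22You%20are%20owned!%22>))".wp.pl';

// Vulnerable pattern (assumed template): raw interpolation into a quoted attribute.
function renderSenderUnsafe(address) {
  return `<a href="mailto:${address}">${address}</a>`;
}

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Conservative allowlist for addresses that are turned into links.
const PLAIN_ADDRESS = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

// Hardened pattern: validate first, and escape on output in every branch.
function renderSenderSafe(address) {
  const shown = escapeHtml(address);
  if (!PLAIN_ADDRESS.test(address)) {
    return `<span class="invalid-sender">${shown}</span>`;
  }
  return `<a href="mailto:${shown}">${shown}</a>`;
}

// Minimal scan of the first opening tag, close to how an HTML tokenizer
// splits attributes, so the attribute breakout becomes visible.
function openingTagAttributes(html) {
  const attrs = [];
  const re = /\s*([^\s="<>]+)(?:="([^"]*)")?/y;
  re.lastIndex = html.indexOf(' '); // skip the tag name
  let m;
  while (html[re.lastIndex] !== '>' && (m = re.exec(html))) attrs.push(m[1]);
  return attrs;
}

console.log(openingTagAttributes(renderSenderUnsafe(ADVISORY_ADDRESS)));
console.log(openingTagAttributes(renderSenderSafe(ADVISORY_ADDRESS)));
```
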

© 1999-2008 EvilOctal Security Team