[转载]WPkontakt Message Parsing Error

信息来源：www.securiteam.com

Summary
WPkontakt is "a Polish instant messenger". Due to incorrect filtering don by WPkontakt, a remote attacker can inject arbitrary HTML/JavaScript into the content returned by the server.

Credit:
The information has been provided by Jaroslaw Sajko.

Details
Vulnerable Systems:
* WPKontakt version 3.0.1 and prior

Immune Systems:
* WPKontakt version 3.0.1p1 or newer

An error returned during the parsing an email addresses, allows a remote attack to inject HTML/JavaScript.

Example:
The following email address will trigger the error:
test@"style="background-image:url(javascript:alert(%22You%20are%20owned!%22>))".wp.pl