Lucene search
SecurityvulnsSECURITYVULNS:DOC:15796HistoryJan 24, 2007 - 12:00 a.m.
XMB "U2U Instant Messenger" Cross-Site Scripting
2007-01-2400:00:00
vulners.com
44
#Aria-Security Team
#http://Aria-Security.com
#Contact: [email protected]
#Type:Remote Cross-Site Scripting
#Article on XSS: http://aria-security.net/xss.rar
#Discovered By Aria-Security Team
#Software: XMB U2u Instant Messenger
#Explanation:
First of all user must be REGISTERED
- Go to http://target/xmbpath/memcp.php —> U2U Instant Messenger
- Inster your xss code for the recipient
- Press Preview
Original Advisory
http://aria-security.com/forum/showthread.php?p=129