02-19-2013, 09:10 AM
Colmike9
Code:
Description:
------------
ICQ suffers from a persistent Cross-Site Scripting vulnerability due to a lack
of input validation and output sanitization of the profile entries.
 
Proof of Concept:
-----------------
The following Javascript payload can be used as profile entries to trigger
the described vulnerability:
 
--- SNIP ---
 
"><iframe src=z onload=alert('xss_p0wer_lol') <
 
--- SNIP ---
 
For a PoC demonstration see:
    - http://www.noptrix.net/tmp/icq_cli_xss.png
 
Impact:
-------
An attacker could trivially hijack session IDs of remote users and leverage the
vulnerability to increase the attack vector to the underlying software and
operating system of the victim.
 
Threat Level:
-------------
High
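The advisory quoted in the post above attributes the flaw to profile entries being displayed without input validation or output sanitization. As an added example (not part of the original post and not ICQ's code), the code below renders one profile field with and without output encoding; the `nick` field, the markup template and the function names are assumptions, and the sample input is the payload quoted in the advisory.

```javascript
// Added example: hypothetical profile renderer, not ICQ code.
// Sample input: the payload string quoted in the advisory above.
const PAYLOAD = `"><iframe src=z onload=alert('xss_p0wer_lol') <`;

// Encode the five characters that can change the HTML parsing context.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored profile value is concatenated straight
// into markup, so a quote or angle bracket ends the attribute or text node.
function renderProfileUnsafe(nickname) {
  return `<input name="nick" value="${nickname}">` +
         `<span class="nick">${nickname}</span>`;
}

// Hardened pattern: the value is encoded at output time, in every place
// it is written, and the attribute is always double-quoted.
function renderProfileSafe(nickname) {
  const safe = escapeHtml(nickname);
  return `<input name="nick" value="${safe}">` +
         `<span class="nick">${safe}</span>`;
}

// Helper for checking the result: names of elements opened in the markup.
function openedTags(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
}

console.log('unsafe:', openedTags(renderProfileUnsafe(PAYLOAD)));
console.log('safe:  ', openedTags(renderProfileSafe(PAYLOAD)));
```

With encoding applied, the stored value is displayed as literal text and the only elements in the output are the two the template itself wrote.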