[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Libero.it (italian ISP) XSS vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Libero.it (italian ISP) XSS vulnerability
From: Florian Stinglmayr <fstinglmayr@xxxxxxxxx>
Date: Mon, 26 Mar 2007 14:44:08 +0200

Rosario Valotta wrote:
> Libero.it, one of the most important italian ISP (www.libero.it) is
> affected from a XSS vulnerability.
> The vulnerability can be found in the "Community" section of Libero
> portal, and the affected functionality is "add nick" (
> http://digiland.libero.it/profilo.phtml?nick=).
> The implementation of this functionality allows the injection of
> malicious code in the URL, so that an attacker can steal username and
> password of the victim accessing his cookie.
> 

Nice find!

-- 
Florian Stinglmayr
fstinglmayr@xxxxxxxxx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Libero.it (italian ISP) XSS vulnerability
  - From: Rosario Valotta

Prev by Date: [Full-disclosure] Libero.it (italian ISP) XSS vulnerability
Next by Date: [Full-disclosure] Xbox live account stolen.
Previous by thread: [Full-disclosure] Libero.it (italian ISP) XSS vulnerability
Next by thread: [Full-disclosure] Xbox live account stolen.
Index(es):
- Date
- Thread