Vulners
Lucene search
QQ Email in-box xss vulnerability
Author: AmesianX in powerhacker.net([email protected])
Document Link: http://powerhacker.net/mail_qq_com_xss_vulnerability_written_by_AmesianX.pdf
Version: 2012-06-28 (NowTime: 0-Day)
Tested on: IE 9.0, Chrome, FireFox
Patch on:2012-07-02
1. click the E-Mail Write Button
2. Upload file (Only important : BigAttachFile menu)
- Second upload button(BigAttachFile) is non-flash uploading files.
- upload filename is "play.txt" of 8 byte.
3. Proxing and Injection
- Standby BurpProxy Capture-ON
- Click the Email Send Button
- Let's see the "bigattachcontent=" value in burpproxy.
- Change "play.txt" string
- "play.txt" --> %22%20onmousemove=%22alert('test')%22%20
4. Injection 2
- Let's see the "bigattachcontent=" value in burpproxy.
- Change "8 Byte" string
- "B" --> %3E
5. off the proxy and send email.
6. let's open the email and move your mouse cursor near around the
attachment file.
- attend "onmousemove event"
7. reference: click documentation above Document Link (Korean Language)
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Jul 2012 00:00Current
7.1High risk
Vulners AI Score7.1