XMB "U2U Instant Messenger" Cross-Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XMB "U2U Instant Messenger" Cross-Site Scripting
From: Advisory@xxxxxxxxxxxxxxxxx
Date: 20 Jan 2007 22:09:27 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

#Aria-Security Team
#http://Aria-Security.com
#Contact: Advisory@xxxxxxxxxxxxxxxxx
#Type:Remote Cross-Site Scripting
#Article on XSS: http://aria-security.net/xss.rar
#Discovered By Aria-Security Team
#Software: XMB U2u Instant Messenger
#
#Explanation:
First of all user must be REGISTERED
- Go to http://target/xmbpath/memcp.php  ---> U2U Instant Messenger
- Inster your xss code for the recipient 
- Press Preview


Original Advisory
http://aria-security.com/forum/showthread.php?p=129

Prev by Date: Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor
Next by Date: Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass
Previous by thread: [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution
Next by thread: XSS in Guestbook ( v.4.00 beta )
Index(es):
- Date
- Thread