Inbox.com Cross Site Scripting (XSS) vulnerability !
Reflected cross-site scripting vulnerabilities arise when information is copied from a asking together with echoed into the
application's immediate answer inward an dangerous way. An assailant tin move the vulnerability to build a
asking which, if issued past times to a greater extent than or less other application user, volition movement JavaScript code supplied past times the attacker
to execute inside the user's browser inward the context of that user's session amongst the application.
The attacker-supplied code tin perform a broad diverseness of actions, such every bit stealing the victim's session
token or login credentials, performing arbitrary actions on the victim's behalf, together with logging their keystrokes.
Users tin last induced to termination the attacker's crafted asking inward diverse ways. For example, the attacker
tin shipping a victim a link containing a malicious URL inward an electronic mail or 2d message. They tin submit the
link to pop spider web sites that let content authoring, for instance inward weblog comments. And they tin create
an innocuous looking spider web site which causes anyone viewing it to brand arbitrary cross-domain requests
to the vulnerable application (using either the GET or the POST method).
Submitted past times : Samad Khan (Con5tanTine)
Share This :
comment 0 Comments
more_vert