検索:
ホーム   »     »   ICQ Cross-site scripting exploit

ICQ Cross-site scripting exploit

  • 投稿日:2006年1月20日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0

A Security Researcher from MorX found ICQ web sites that are prone to Cross site-scripting exploits. The attacker can execute almost any scripts. Here’s a proof of concept:



  • http://www.icq.com/whitepages/sea<BLOKED>rch_result.php?online=on&home_country_code=0
    &age_group=&gender=%3Cscript%3Ealert(‘Hello%20World’)%3C/script%3E
    &interest_text=&photo=1

When you click the link above, it is suppose to display a message box that says “Hello World”. But it appears that ICQ has already patched the said search_result.php file.


Again, to protect you from this type of attacks, you may set your IE’s security settings to High. Here’s how:



  1. Go to Control Panel and double-click Internet Options.
  2. Click on Security Tab
  3. Click on the Internet with a globe icon.
  4. Move the slider up to High
  5. Click Apply button then click Ok.

For more information about this vulnerability, click here.


No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.