New Account hijacking vulnerability found in Skype
A critical Cross site scripting (XSS) has been found in Skype which leads to account hijacking. This vulnerability is found in the versions which have facebook integration. This integration alllows users to see the facebook activity and post status updates.
security researcher David Vieira-Kurz discovered that the status comment field does not properly sanitize input and executes JavaScript code. Any attacker can exploit this vulnerability to post a comment that executes rogue code which steals a visitor's Skype session cookie when they view it in the browser.
But the attacker should in friend list, this is the limitation of this attack
No comments:
Post a Comment