XSS weakness in the ikariam.gr browser game

A reader of iGuRu.gr, J0k3R-GR, has notified us of an XSS weakness in the browser game ikariam.gr. We quote the notification e-mail he sent to the site's administrators.

"Look at the image: I found a security hole on your website. It is XSS (see the image as proof); it can be used for malicious purposes."

[Image: Capture 1]

And the proof of the vulnerability:

[Image: XSS]

Link to the image in higher resolution:
http://postimg.org/image/6lvaz49cn/

Continuing J0k3R-GR reports:

XSS vulnerabilities are exploited by inserting HTML or JavaScript into a page. This code is not filtered and can corrupt the site's code.

So a malicious user can cause:

1. Theft of personal data
2. Cookie theft
3. Changes that can only be made by the administrator
4. Advertising
5. Shell upload
And much more.
To see if a page is vulnerable to XSS attacks, put this in a textbox on the page:
<script>alert('XSSed')</script>
Many times, however, this is not enough.
The attacker may need to use various techniques to bypass the filtering, for example by writing this:
alert('xss')
And much more.
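The test the report describes, as an added worked example that is neither the reader's code nor anything from ikariam.gr: a mock page that echoes user input unescaped, a naive blacklist filter of the kind that the report says must be bypassed, and the escaping fix, each checked for whether a live <script> tag survives in the rendered output. The mixed-case bypass payload is an assumed illustration of one common filter evasion, not the reader's actual bypass string, and the render functions are hypothetical, not the game's code.

```javascript
// Added example, not code from the page or from ikariam.gr.
// Runs under Node with no dependencies.

// The probe payload quoted in the report.
const PAYLOAD = "<script>alert('XSSed')</script>";

// Assumed bypass payload: same payload with mixed-case tags, which
// defeats a blacklist that only matches lowercase "<script>".
const BYPASS = "<ScRiPt>alert('xss')</ScRiPt>";

// Vulnerable rendering (hypothetical): the search term is concatenated
// straight into the HTML response, so any tag the user types is live.
function renderUnsafe(term) {
  return `<p>Results for: ${term}</p>`;
}

// Naive blacklist filter (hypothetical): strips only exact lowercase tags.
// This is the kind of filter the report says an attacker can get around.
function naiveFilter(term) {
  return term.replace(/<script>/g, "").replace(/<\/script>/g, "");
}

function renderNaive(term) {
  return `<p>Results for: ${naiveFilter(term)}</p>`;
}

// Hardened rendering: HTML-escape every untrusted character before it is
// placed in an HTML text node, so the browser never sees a tag boundary.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// Test oracle: is there a script tag that a browser would parse, in any case?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Run the three renderers against both payloads and report which ones leak.
function evaluate() {
  const renderers = { unsafe: renderUnsafe, naive: renderNaive, safe: renderSafe };
  const results = {};
  for (const [name, render] of Object.entries(renderers)) {
    results[name] = {
      payloadLeaks: containsScriptTag(render(PAYLOAD)),
      bypassLeaks: containsScriptTag(render(BYPASS)),
    };
  }
  return results;
}

console.log(evaluate());
```

The naive filter passes the plain probe, which is why a single negative result from the payload in the report does not prove a page is safe; the escaping version neutralises both because it removes the ability to open a tag at all rather than trying to enumerate bad tags.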
We thank our reader J0k3R-GR for reporting the vulnerability to us, and the browser game's staff who, as the response date on the ticket shows, responded immediately.

Written by Dimitris