The reader of iGuRu.gr, J0k3R-GR, has notified us of an XSS weakness in the browser game ikariam.gr. We quote the notification e-mail sent to the site's managers.
"Look at the image, I found a security gap on your website, it's XSS (image proof), it can be used for malicious purposes."
And the evidence of vulnerabilityς
The image link to a higher resolution
http://postimg.org/image/
Continuing J0k3R-GR reports:
The ones vulnerabilities XSS we take advantage of them by inserting HTML or Javascript into a page. This code does not filter and can cause corruption in the site's code.
Thus a malevolent user can cause:
1.Shield personal data
2.Key cookies
3. Changes that can only be made by the administrator
4.Advertising
5.Refresh Shell
And much more.
To see if a page is vulnerable to XSS attacks then put it in a textbox on the page:
script>
Many times, however, this is not enough.
The attacker may need to use various techniques to bypass filtering, for example by writing this:
And much more.
We thank the reader of our J0k3R-GR website for reporting the vulnerability to us and to the browser game executives who, as seen from the response date on the ticket, responded immediately.
