XSS weakness in the ikariam.gr browser game

Our reader, J0k3R-GR, notified us of an XSS vulnerability in the game ikariam.gr. Here is the notification e-mail that was also sent to the website managers.

"See her, I found a security hole in your website, it is XSS (proof in the image), it can be used for malicious purposes."

Capture 1

And the proof of vulnerability

XSS

Link to a higher-resolution image:
http://postimg.org/image/6lvaz49cn/

J0k3R-GR's report continues:

We exploit XSS vulnerabilities by inserting HTML code or on one page. This code is not filtered and thus may cause corruption in the website code.

So a malicious user can cause:

1. Shield personal data
2. Key cookies
3. Changes that can only be made by the administrator
4. Advertising
5. Refresh Shell
And much more.
To see if a page is vulnerable to XSS, you put in a textbox on the page:
We thank our website's reader J0k3R-GR for reporting the vulnerability to us, and the browser game's executives who, as seen from the response date on the ticket, responded immediately.
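The report above attributes XSS to textbox input that is inserted into a page without being filtered. The following is an added example, not code from ikariam.gr or from the report: a hypothetical page renderer in its unfiltered and escaped forms, with a self-check a site owner can run against their own templates using inert, constructed probe strings (all function and field names are assumptions).

```javascript
// Added example: hypothetical renderer, not taken from the site discussed.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that let text break out of an HTML
// element body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unfiltered: the textbox value is concatenated straight into markup,
// both as element content and inside a quoted attribute.
function renderUnfiltered(name) {
  return `<p>Hello ${name}</p><input name="player" value="${name}">`;
}

// Hardened: the same template, with the value encoded before insertion.
function renderEscaped(name) {
  const safe = escapeHtml(name);
  return `<p>Hello ${safe}</p><input name="player" value="${safe}">`;
}

// Constructed, inert probes: one for the element-body context, one for
// the attribute context. Each contains HTML metacharacters, so seeing
// it come back byte-for-byte means the output was not encoded.
const PROBES = ['<i id="probe">x</i>', '" data-probe="1'];

// Return the probes that a renderer reflects as live markup.
function audit(render) {
  return PROBES.filter((probe) => render(probe).includes(probe));
}

console.log('unfiltered reflects:', audit(renderUnfiltered));
console.log('escaped reflects:   ', audit(renderEscaped));
```

Encoding at output time, in the context where the value lands, is what closes the hole; filtering input alone tends to miss the attribute case shown by the second probe.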

iGuRu.gr The Best Technology Site in Greece


Written by Dimitris
