A Security Researcher from MorX found ICQ web sites that are prone to Cross site-scripting exploits. The attacker can execute almost any scripts. Here’s a proof of concept:
When you click the link above, it is suppose to display a message box that says “Hello World”. But it appears that ICQ has already patched the said search_result.php file.
Again, to protect you from this type of attacks, you may set your IE’s security settings to High. Here’s how:
- Go to Control Panel and double-click Internet Options.
- Click on Security Tab
- Click on the Internet with a globe icon.
- Move the slider up to High
- Click Apply button then click Ok.
For more information about this vulnerability, click here.