Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

XSS Flaw discovered in Skype's Shop, user accounts targeted

By Dancho Danchev | February 24, 2012, 2:10am PST

Summary: The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com.

The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com.

Upon successful exploitation the vulnerability allows an attacker to hijack cookies via required user interaction, leading to complete session hijacking and stealing of the account.

Skype has been informed of the vulnerabilities and is currently investigating.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Spamvertised 'Scan from a HP OfficeJet' emails lead to exploits and malware

Android drive-by download attack via phishing SMS

Topics

User Account, Researcher, Flaw, XSS, Skype Technologies S.A., Security, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Full Bio
Disclosure
Contact

Vendor HotSpot

The 360° Conversation around Cloud Computing

TECH VISUALIZER brings the social conversation to life... powered by Brocade

Learn More »

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

Apple updates iOS to 5.1.1 with vulnerability fixes

Ask a Question Start a Discussion

1

Comments

Add Your Opinion

Join the conversation!

Follow via:: RSS; Email Alert

Please Select
Please Select

0 Votes

+ -

XSS Flaw

computer112 26th Feb

If I remember exactly similar XSS flaws were discovered on the same site section a few months ago.

Sources based on xssed.com

Reply
Flag

Join the conversation!

Subject (Max length: 75 characters)

Formatting + Comment

BB Codes - Note: HTML is not supported in forums

[b] Bold [/b]
[i] Italic [/i]
[u] Underline [/u]
[s] Strikethrough [/s]
[q] "Quote" [/q]

[ol][*] 1. Ordered List [/ol]
[ul][*] · Unordered List [/ul]
[pre] Preformat [/pre]
[quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Vendor Showcase

TECH VISUALIZER Sponsored by Brocade

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources

The Best Ways to Migrate Lotus Notes Applications to SharePoint and Office 365Migrating Notes to SharePoint Online/Microsoft Office ... (Quest Software)Download Now
Solve the 6 Top Problems in Your Data CenterWhat are the top 6 problems in your data center and how do you solve them? ... (Hewlett-Packard (HP))Download Now
Office 365 Migration Guide: Approaches, Techniques and ChallengesNo Headache, No Hassles Microsoft 365 Migration

Your company is ... (Quest Software)Download Now

A CNET Professional Brand

ZDNet

Log In | Join | Site Assistance | Follow via Twitter Facebook Email

All of ZDNet
Reviews
Downloads

Featured Articles

Top Productivity Apps for the iPad 3

Top Productivity Apps for the iPad 3

The new iPad is a good tool for getting things done.

Facebook Lockdown: The Definitive Guide

Facebook Lockdown: The Definitive Guide

Facebook's privacy and security settings have changed massively.

A power user's guide to Windows 8

A power user's guide to Windows 8

Ed Bott reveals small but useful hidden shortcuts, surprises, and secrets.

Love stinks: The worst mergers in tech

Love stinks: The worst mergers in tech

Corporate mergers can end in utter disaster.

Services

Popular on CBS sites: US Open | PGA Championship | iPad | Video Game Reviews | Cell Phones

© 2012 CBS Interactive. All rights reserved. Privacy Policy | Ad Choice | Terms of Use

Around the network