XSS vulnerability in 2shared.com reported by Virus_Hima

Pierluigi Paganini March 15, 2013
The Egyption hacker Virus_Hima hit again, he became famous in the latest months thanks the discovery of Adobe and Yahoo vulnerabilities. This hacker is an example, he supports the research and never tried to sell information on flaws discovered on the undergroud, he is a gray hat from which to learn, so it is for me! He is now on the news again but this time without any pastebin or leak plans. Yesterday I received a message from Virus_Hima that informed me that he has found an XSS vulnerability in the famous file sharing web site 2shared.com, he also confimerd me that once again he and cooperated with company developers to fix the flaw.
Following the screen shots of the 2shared.com support replies that demonstrate the support of Virus_Hima and also the prompt resply of security team at 2shared.com.
MailSupport
MailSupport2
following image of a POC
POC
What is the Impact of a xss vulnerability?
Malicious users may inject JavaScript, VBScript, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
Virus_Hima has helped Yahoo and Adobe before to fix the vulnerabilities that he found in their systems which mean he looks to be stable with the “Grey Hat” after taking off the “Black Hat”, reporting such vulnerabilities to the vendors will help protecting data of the customers who is using the service of those vendors.
I wish him a good luck with his business career … companies this guy is your man!
Pierluigi Paganini
(Security Affairs – Hacking) 


you might also like

leave a comment