[Full-disclosure] Libero.it (italian ISP) XSS vulnerability

[Florian Stinglmayr]

Rosario Valotta wrote:
> Libero.it, one of the most important italian ISP (www.libero.it) is
> affected from a XSS vulnerability.
> The vulnerability can be found in the "Community" section of Libero
> portal, and the affected functionality is "add nick" (
> http://digiland.libero.it/profilo.phtml?nick=).
> The implementation of this functionality allows the injection of
> malicious code in the URL, so that an attacker can steal username and
> password of the victim accessing his cookie.
> 

Nice find!

-- 
Florian Stinglmayr
fstinglmayr at gmail.com