WhatsApp website vulnerable to XSS Security flaw

Reported by Sabari Selvan on Wednesday, January 30, 2013 |

Sponsored Links

An Information Security Expert, Narendra Chavda From Ahmedabad Gujarat, has discovered a non-persistent XSS security flaw in the official website of WhatsApp.

Narendra found that the Search Query field in the FAQ webpage of the whatsapp.com is vulnerable to XSS attack.

When an attacker visits "www.whatsapp.com/faq/" and enter the xss code in the field , it successfully executes the entered script.

POC code :

www.whatsapp.com/faq/search/?q=<script>alert("E Hacking News")</script>

The site also allows users to inject the iframe code:

http://www.whatsapp.com/faq/search/?q=<iframe src="http://www.ehackingnews.com/"height="1000px"width="1000px">

Follow @EHackerNews

Category: Breaking News / Cyber Security News / hacker news / Non Persistent XSS / Vulnerability / XSS Vulnerability

Share This Article on Twitter/Facebook/Blog/Forum or Anywhere:

WhatsApp website vulnerable to XSS Security flaw  ~ eHackingNews:
http://www.ehackingnews.com/2013/01/security-flaw-in-whatsapp.html

About Author

Sabari Selvan is a Security Researcher, founder of E Hacking News who has more interest in Web application PenTesting and Malware analysis. You can find him on Google+ , Twitter and Facebook.

Home

WhatsApp website vulnerable to XSS Security flaw

About Author

Become a Fan

Funded by

Cyber Security and Privacy Foundation:

Get Latest news at Your Email