Xfire/AIM

Well…i saw a persons status on xfire, which was a link..i clicked it, and it changed my status to w.e he wanted..in his status, he typed:

gg xfire:status?text=I%20are%20dumb%20+gay```


which would make a persons status change to I are dumb +gay whenever they clicked it..it also works on AIm with away messages..my question is..does this mean xfire is exploitable, or is it just a simple snippet that people get annoyed by? Just wonderin...

Well with aim it's like aim scripting or whatever, not sure if it's exploitable though, :-\. Might be but I'm not sure.

yeh you can do it using IE too, another vuln program is skype.

Say if you opened a premium rate company, and tricked anyone visiting a site to redirect to markupcallto://phonenumber using <body onload()="location.hfef…"> javascript you could get anyone visiting that site on IE to ring that number…

thus making you a bundle.

i see…could you elaborate?

Only_Samurai made an article on things like that. Don't remember the name though, :-\. I think it's under web hacking.