Video: Hacking AIM with Cross Site Scripting (XSS) attacks
A cross site scripting vulnerability is discovered in the website for AIM at http://aim.com and it is the subject of the following hacking demonstration video.
A malicious user has abilities to edit the URL address of the real AIM site to permit his own characters to be injected into the browser of a not malicious victim. It is with these characters that the malicious user is able to cause damage to the friendly user by means of scripting attacks from another website also known as Cross Site Scripting.
The AIM XSS Vulnerability is still active and can be exploited by every malicious user at the time of todays updates.
Demonstration: http://www.aim.com/remote/step1.adp?aolp=”><h1><a href=”//xssworm.com”>xss worm</a></h1>
