Nov 20, 2012

Skype Account Service Session Token Bypass

Proof of Concept:
The vulnerability can be exploited by remote attackers without required user inter action and without privileged user account.
For demonstration or reproduce ...

Reset Account: (Mail Link)

which leads to the expired request with the already used session 6h+ ago ...

It is only required to insert 0 (zero) in the GET/POST request make the session valid again. Replace token_expired=1 => token_expired=0

Video(PoC Demo):

2012-11-12:  Vendor Fix/Patch (Skype)

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

No comments: