This site is soon to be deprecated by

Sunday, June 21, 2009

Bypassing Notifications -

As a preventative measure routes all user posted links through If the linked site is not on the msplinks whitelist a notification that the user is visiting an external site is displayed, and the the user must click another link to continue. To circumvent this system, an XSS vulnerability in a whitelisted site can be used as a redirect.

Fortunately has a vulnerability. By prepending 01 to an xss redirect url, base64 encoding the result, and appending it to we can create a link that can be posted on Myspace. When the user clicks this link, no external site warnings are displayed.

The vulnerable whitelisted site:"]}}};window.location='';{{{//

A msplinks link that redirects to the xss redirect:

Thursday, June 4, 2009

Breaking Things With Null - Classifieds.Myspace.Com

Sometimes passing special characters through a query string can cause in strange behavior. Using URL encoding we can search for the null character on The result is an error page notifying the user that the server is too busy, and it just so happens that the retry link has a Chrome and IE compatible XSS vulnerability."onmouseover="alert(0);

And with styling:"onmouseover="alert(0);"style="float:left;height:999px;width:999px;margin-top:-400px

Tuesday, June 2, 2009

Getting The Most Out Of onmouseover -

Getting The Most Out Of onmouseover -
By styling a vulnerable element the inline onmouseover event can be nearly as effective as onload. Using the width and height CSS properties the chance of a user hovering their mouse over a vulnerable element can be greatly increased."onmouseover="alert(0);

Prior to styling the control the injected script is only run if the user hovers over the search input in the center of the screen."style="width:999px;height:999px;"onmouseover="alert(0);

With more screen real estate taken up by the newly styled input chances of triggering the event are better.