This site is soon to be deprecated by http://www.johnleitch.net

Sunday, May 2, 2010

Friendster.com Persistent XSS

Data submitted via album description and a few other fields is not properly escaped before being rendered into javascript.

Exploit: \";alert(0);//

PoC: http://www.friendster.com/viewalbums.php?uid=120927091

No comments:

Post a Comment