mps-insertion.txt

27 Nov 2007 00:00:00 | Reported by DoZ | Type: packetstorm | Source: packetstormsecurity.com

MySpace Poll Creator JavaScript Injection Vulnerability, risk, and exploitation

`[HSC]MySpace Scripts - Poll Creator JavaScript Injection Vulnerability  
  
  
Our MySpace Poll Creator script is the ultimate addition to your MySpace resource  
site. The script enables your users to quickly and easily create a poll that they  
can post to a profile or bulletin to all their friends. Everyone loves to create a  
poll and gather opinions, and this isn't something that's available on every other  
MySpace resource site.  
  
  
Hackers Center Security Group (http://www.hackerscenter.com)  
Credit: Doz  
  
  
Risk: Medium  
Class: Input Validation Error  
  
  
Vendor: http://www.m2scripts.com  
Product: MySpace Scripts - Poll Creator  
  
  
* Attackers can exploit these issues via a web client.  
  
  
Cross-Site Scripting (reflected):  
  
http://www.victim.com/poll/index.php/XSS  
  
The path segment after index.php/ is echoed into the page unencoded; substitute  
a script payload for XSS.  
  
  
Example of Advanced Exploitation of the Application:  
  
Once the application has been confirmed vulnerable to JavaScript injection, the  
poll-creation form is a second input that alters the page source. Submit the  
form at /poll/index.php?action=create_new with a script in the Raw Form box:  
the code is stored server-side, so the injection is persistent and is served  
with the poll afterwards.  
  
  
  
Example: http://www.victim.com/poll/index.php?action=create_new  
  
  
  
  
  
  
Only by becoming an Ethical Hacker can you stop a Hacker. Learn without having  
to pay thousands! - http://kit.hackerscenter.com - The most comprehensive  
security pack you will ever find on the net!  
`
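The two injection points the advisory describes (the reflected one at /poll/index.php/&lt;payload&gt; and the stored one through the Raw Form box of action=create_new) share a single root cause: request data is written into the HTML without output encoding. The example below is added here and is not code from the advisory or from m2scripts; the vendor script's source is not on the page, so the vulnerable handler is an assumed model of that pattern, with the poll store, the URL layout and the probe token all constructed for the example. It renders the page once unescaped and once escaped, and includes a harmless probe that distinguishes the two from a response body, which is the check you would run against a test deployment before trying a real payload.

```python
import html

# Constructed stand-in for the script's poll storage; not the vendor's code.
POLLS = {}


def render_poll_page(path_info, polls, escape):
    """Render /poll/index.php. `path_info` is what follows index.php in the URL
    (e.g. "/XSS" for http://www.victim.com/poll/index.php/XSS). With
    escape=False the request path and every stored poll body are written into
    the HTML verbatim, the bug class the advisory reports (assumed pattern;
    the real script's source is not in the advisory). With escape=True both
    are HTML-encoded on output, which closes both injection points."""
    enc = html.escape if escape else (lambda s: s)
    action = "/poll/index.php" + enc(path_info) + "?action=create_new"
    entries = "".join("<li>%s</li>" % enc(body) for body in polls.values())
    return ('<form action="%s" method="post">'
            '<textarea name="raw"></textarea></form>'
            '<ul>%s</ul>' % (action, entries))


def create_new(raw_form_text, polls):
    """Handle action=create_new: store the Raw Form box contents unchanged, as
    the advisory describes. Storing raw text is not itself the bug; rendering
    it unescaped (above) is, and escaping on output fixes it regardless of
    what was stored."""
    poll_id = len(polls) + 1
    polls[poll_id] = raw_form_text
    return poll_id


# Probe: breaks out of a quoted attribute and opens a tag. It executes nothing,
# so it can be sent to a test deployment without firing a payload.
MARKER = "hsc7probe"
PROBE = '"><%s>' % MARKER


def reflected_unescaped(body, marker=MARKER):
    """True if the probe survived encoding, i.e. attacker-controlled markup
    reaches the page and a real <script> payload would run in the same spot."""
    return ('"><%s>' % marker) in body


def marker_escaped(body, marker=MARKER):
    """True if the input is present but encoded (&quot;&gt;&lt;...&gt;)."""
    return marker in body and not reflected_unescaped(body, marker)


def assess(escape):
    """Exercise both injection points from the advisory against a fresh store
    and report whether each one reflects the probe unescaped."""
    polls = {}
    reflected = render_poll_page("/" + PROBE, polls, escape)  # index.php/<payload>
    create_new(PROBE, polls)                                  # Raw Form box
    stored = render_poll_page("/", polls, escape)
    return {
        "reflected_path_info": reflected_unescaped(reflected),
        "stored_raw_form": reflected_unescaped(stored),
    }


if __name__ == "__main__":
    print("vulnerable:", assess(escape=False))  # both True
    print("hardened:  ", assess(escape=True))   # both False
```

The `escape=True` branch is the fix: encode at the point of output, for attribute values and text alike. In the PHP the script is written in, the equivalent is `htmlspecialchars($value, ENT_QUOTES)` around `$_SERVER['PATH_INFO']` (or `PHP_SELF`) and around each stored poll body when it is printed; filtering on input alone leaves polls that were stored before the fix still live.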
