vineri, 2 martie 2012

Photobucket.com Cross Site Scripting

# Date: 2.03.2012
# Author: Sony
# Web Browser : Mozilla Firefox
# PoC:
http://st2tea.blogspot.com/2012/03/photobucketcom-cross-site-scripting.html
..................................................................

Simple.

Step 1.

Our Profile:

Put our xss code in the fields: First name and Last name and ..save.


Step 2.

Open page:

http://smg.photobucket.com/friendfinder




And press button invite friends and enjoy! We can see a persistent xss bug. But it's not a critical bug.



Publicat de Sony la 09:49
Etichete: ,

0 comentarii:

Trimiteți un comentariu

Rețineți: Numai membrii acestui blog pot posta comentarii.