<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: XSS in TheFaceBook round 2

XSS in TheFaceBook round 2

From: Alex Lanstein <alex.lanstein_at_gmail.com>
Date: 15 Nov 2004 05:31:26 -0000

('binary' encoding is not supported, stored as-is) Authors: Alex Lanstein, Ivo Parashkevov
Date: November 15, 2004

Affected Software: TheFaceBook - All Versions
Software URL: http://www.thefacebook.com

TheFaceBook, a popular college networking (social, not technological) tool is vulnerable
to many XSS holes in it's search and editing methods.

In contact.php, the "New School" field is vulnerable to an XSS attack.

No POC needed, just put whatever code you want into the field. Might want to check on that Email field too...I smell another sql attack :-)

greets to luthy, pramod, cc summer crew 2003, and of course, gab :-)
Received on Nov 15 2004

This message: [ Message body ]
Next message: customer service mailbox: "iDEFENSE Security Advisory 11.15.04: Multiple Security Vulnerabilities in Fcron"
Previous message: Stefan Esser: "Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]