XSS vulnerability found in Russia's biggest social network, odnoklassniki.ru

Grey-hat hackers Sony and Flexxpoint have discovered a cross-site scripting (XSS) vulnerability in Odnoklassniki. Odnoklassniki (Одноклассники in Russian, "Classmates") is a social network service for reuniting classmates and old friends, popular in Russia and other former Soviet republics. It was created by Albert Popkov on March 4, 2006.

They provided the vulnerable link and a video to demonstrate the vulnerability:

http://www.odnoklassniki.ru/dk?st.cmd=appSearchResultList&st.isEmpty=off&st.query=%22%22%3E%3Cscript%3Ealert%28%22Odnoklassniki.ru%20Cross%20Site%20Scripting%22%29%3C/script%3E%3Ciframe%20src=%22http://xssed.com%22%3E

To verify the vulnerability, you have to log in, because the page is available only to logged-in users.
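The following is an added example, not code from the original post or from Odnoklassniki. It decodes the `st.query` value from the link above and compares reflecting it verbatim with reflecting it after HTML output encoding. The `TEMPLATE` markup and all function names are assumptions, since the post does not show the actual page source.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# PoC link exactly as published in the post.
POC_URL = (
    "http://www.odnoklassniki.ru/dk?st.cmd=appSearchResultList&st.isEmpty=off"
    "&st.query=%22%22%3E%3Cscript%3Ealert%28%22Odnoklassniki.ru%20Cross%20Site"
    "%20Scripting%22%29%3C/script%3E%3Ciframe%20src=%22http://xssed.com%22%3E"
)

# Assumed markup: the post does not show the real page source.
TEMPLATE = '<input type="text" name="st.query" value="{q}">'


def reflected_query(url):
    """Decode the st.query parameter the way the server would receive it."""
    return parse_qs(urlsplit(url).query)["st.query"][0]


def render_vulnerable(q):
    """Reflect the value verbatim (the behaviour the PoC relies on)."""
    return TEMPLATE.format(q=q)


def render_escaped(q):
    """Reflect the value after HTML-encoding it for an attribute context."""
    return TEMPLATE.format(q=escape(q, quote=True))


class TagCollector(HTMLParser):
    """Record every start tag an HTML parser sees in the response."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    q = reflected_query(POC_URL)
    print(tags_in(render_vulnerable(q)))  # injected elements show up as real tags
    print(tags_in(render_escaped(q)))     # only the input element remains
```

The leading `"">` in the decoded value closes the attribute and the tag it is reflected into, which is why the encoded version, where quotes and angle brackets become entities, parses as a single `input` element.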
