Bugtraq mailing list archives
XSS in TheFaceBook round 2
From: Alex Lanstein <alex.lanstein () gmail com>
Date: 15 Nov 2004 05:31:26 -0000
Authors: Alex Lanstein, Ivo Parashkevov Date: November 15, 2004 Affected Software: TheFaceBook - All Versions Software URL: http://www.thefacebook.com TheFaceBook, a popular college networking (social, not technological) tool is vulnerable to many XSS holes in it's search and editing methods. In contact.php, the "New School" field is vulnerable to an XSS attack. No POC needed, just put whatever code you want into the field. Might want to check on that Email field too...I smell another sql attack :-) greets to luthy, pramod, cc summer crew 2003, and of course, gab :-)
Current thread:
- XSS in TheFaceBook round 2 Alex Lanstein (Nov 15)