Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Facebook XSS
Date: May 05, 2007 12:04AM

https://secure.facebook.com/cards.php

basically every field isn't sanitized O.O
You would think the 'credit card' page with domain 'secure' would be the most secure.

Re: Facebook XSS
Posted by: rsnake
Date: May 08, 2007 07:50PM

Why would I think that? ;)

- RSnake
Gotta love it. http://ha.ckers.org

Re: Facebook XSS
Posted by: tr3ndkill
Date: June 15, 2007 10:00PM

$$$

Re: Facebook XSS
Posted by: acidburn
Date: July 17, 2007 11:40AM

Either they've fixed this or I can't find the problem -- know which it is?

Re: Facebook XSS
Date: July 17, 2007 12:55PM

Yeah it looks as if they fixed it.

Re: Facebook XSS
Posted by: hackathology
Date: July 22, 2007 12:33AM

Verified, it's fixed.

I know I am late again :)

http://hackathology.blogspot.com
