ha.ckers sla.cking
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
(Cisco Owned)
Posted by: digi7al64
Date: March 05, 2007 09:28PM

Cisco has decided to join the social networking arena

To welcome them on the "scene" here is some reflective XSS. ;%3C/script%3E;%22&scrntemp=pub%2CGlobalFind.vm;&scrntemp=pub%2CGlobalFind.vm'XSS'));%22&scrntemp=pub%2CGlobalFind.vm

As you can see, most stuff gets through and I can only imagine how "secure" the actual persistent data is. Perhaps I might join!

Ohhh, please post all your tribe spoilts in here. It will be interesting to see how many we can gather.

'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: (Cisco Owned)
Posted by: rsnake
Date: March 06, 2007 04:39PM

I was amazed when I saw this, but then I saw the quote, "[the company] allows large companies to easily add social-networking features to their Web sites without needing to hire a team of engineers from Stanford to do it."

While I'm not a big fan of building social networking sites, I can get on board with not wanting to hire Stanford grads... hahah... just kidding.

- RSnake
Gotta love it.

Re: (Cisco Owned)
Posted by: tx
Date: March 23, 2007 05:22AM

The nextpage variable in the links works as a weird redirect. If the URL is http://www.whatever.tld it will replace 'www' with the name of the city the user clicks, (generally) sending the user to http://citysubdomain.whatever.tld.
If the domain is one letter (ie it will simply replace the character (alpha) with the city name.

I suppose something like that could have some limited seo value...

EDIT: Actually, the links are javascript, so that kills the seo value.

-tx @

Edited 2 time(s). Last edit at 03/23/2007 05:25AM by tx.

Re: (Cisco Owned)
Posted by: hackathology
Date: March 30, 2007 03:57AM

hahahhaha, I guess every big corporation gets XSS. Trust me. You can try it on Cisco, Microsoft, Oracle, will definitely find XSS. Agree?
