MySpace Scripts - Poll Creator JavaScript Injection Vulnerability
From: DoZ HackersCenter com
To: bugtraq securityfocus com
Subject: MySpace Scripts - Poll Creator JavaScript Injection Vulnerability
Date: Thu - Nov 22, 2007 09:30 AM
[HSC]MySpace Scripts - Poll Creator JavaScript Injection Vulnerability
Our MySpace Poll Creator script is the ultimate addition to your MySpace resource
site. The script enables your user to quickly and easily create a poll that they
can post to profile or bulletin to all their friends. Everyone loves to create a
poll and gather opinions and this isn't something that's available on every other
MySpace resource site.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Vendor: http://www.m2scripts.com
Product: MySpace Scripts - Poll Creator
* Attackers can exploit these issues via a web client.
Cross-Site Scripting:
http://www.victim.com/poll/index.php/XSS
Example of Advanced Exploitation of the Application:
Once we have found that the application is vulnerable to JavaScript injection, we see
that there is a form that will be our source of input to alter the source code of the page files.
This type of attack can be advanced by injecting a script through
/poll/index.php?action=create_new. Any code can be entered into the Raw From Box
and submitted. This leaves persistent code on the server side.
Example: http://www.victim.com/poll/index.php?action=create_new
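
A defensive sketch of the two fixes this report calls for, as an added example that is not part of the original advisory or the vendor's code: build the form target without the extra path segment from the request, and HTML-encode stored poll text when it is rendered. The helper names, the poll array layout, and the assumption that the reflected case comes from echoing the request path are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helpers, not code from the Poll Creator product.

// Encode a value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the form target from SCRIPT_NAME, which excludes any extra path
// segment appended after index.php (PHP_SELF would include it).
function poll_form_action(array $server): string
{
    $script = $server['SCRIPT_NAME'] ?? '/poll/index.php';
    return h($script) . '?action=create_new';
}

// Validate on input: non-empty, bounded byte length, no control characters.
// Returns null when the field is rejected. Markup is NOT stripped here;
// neutralising it is the job of h() at output time.
function clean_poll_field(string $raw, int $maxLen = 200): ?string
{
    $value = trim($raw);
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $value) === 1) {
        return null;
    }
    return $value;
}

// Render a stored poll; every stored field is encoded when it is written out.
function render_poll(array $poll): string
{
    $html = '<div class="poll"><h3>' . h($poll['question']) . "</h3>\n<ul>\n";
    foreach ($poll['options'] as $option) {
        $html .= '  <li>' . h($option) . "</li>\n";
    }
    return $html . "</ul></div>\n";
}

// Constructed sample data: poll text containing markup, and a request whose
// path carries an extra segment after the script name.
$question = clean_poll_field('Best band? <script>/* constructed */</script>');
$stored = ['question' => $question ?? '', 'options' => ['<b>A</b>', 'B & C']];
echo render_poll($stored);
echo poll_form_action(['SCRIPT_NAME' => '/poll/index.php',
                       'PHP_SELF'    => '/poll/index.php/"><i>x</i>']), "\n";
```

With the sample data, the stored markup is emitted as inert text (`&lt;script&gt;...`) and the form target is `/poll/index.php?action=create_new` regardless of what follows the script name in the request.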