Friendster XSS Through FBML

Posted by: Joy  :  Category: Linker, Vulnerability

Friendster FBML Hole Status : Filtered (September, 2010)
Released : August, 2010
Author : no_one
Greetings : Angell de Ville & The Friendster Team

MyFeeling Widget Linker

The last shoutout linker was filtered about a month after being released. Now I'm sharing another persistent XSS on Friendster that can be used to add layouts to our profile. This time we're going to use the old FBML platform on Friendster applications. As you might already know, this platform was removed from their developer page about a year ago, but some of the old applications are still intact.

OK, let's go straight to the steps. Follow these instructions carefully:

1. Log in to your Friendster account.
2. Use this to generate the XSS code that bypasses the filter:

    MyFeeling Linker Generator

3. Choose the script injection type you want to use.
4. Put your JS and/or CSS layout and/or website URL in the box, then click Generate.
5. Copy the generated code.
6. Add this application to your profile. Don't forget to uncheck the "invite friends" checkbox.
7. Replace the words "happy, sad, enter here" with the code from the generator.
8. Press Enter or click "Update profile" at the bottom of the widget.
9. Check your profile and enjoy your layout.
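From the defender's side, the root cause these steps exploit is that the widget takes free text ("happy, sad, enter here"), stores it, and renders it into the profile page while relying on a keyword filter instead of output encoding. The following is an added example, not code from the original post or from Friendster, showing the two controls that close this class of hole: an allowlist that matches the widget's actual data contract (a short list of feeling words), and HTML escaping of whatever is rendered. The sample inputs, the regular expression and the function names are assumptions made for illustration.

```python
import html
import re

# Constructed sample widget inputs (not taken from the original post): one
# legitimate "feeling" string and two markup-bearing strings of the kind the
# post describes being pasted into the widget (a script URL and a stylesheet).
SAMPLE_INPUTS = [
    "happy, sad, enter here",
    '<script src="http://example.invalid/x.js"></script>',
    '<link rel="stylesheet" href="http://example.invalid/layout.css">',
]

# The widget's legitimate data is a comma-separated list of feeling words, so a
# positive allowlist (letters, spaces, commas; bounded length) is the right
# contract. Anything else is rejected before it is ever stored.
FEELING_RE = re.compile(r"[A-Za-z ,]{1,64}")


def validate_feeling(text: str) -> bool:
    """Return True only if the text is a plain feeling list per FEELING_RE."""
    return FEELING_RE.fullmatch(text) is not None


def render_widget_text(text: str) -> str:
    """Encode stored text for an HTML text context at render time.

    Escaping is applied on output, independent of validation, so a filter
    bypass at input time still cannot turn stored text into markup.
    quote=True also escapes quotes, which keeps the value safe if it is
    ever placed inside an attribute.
    """
    return html.escape(text, quote=True)


def is_inert(rendered: str) -> bool:
    """Check that rendered output carries no unescaped tag delimiters."""
    return "<" not in rendered and ">" not in rendered


def check_all(inputs=SAMPLE_INPUTS):
    """Run both controls over the samples: (input, allowed?, inert_after_escape?)."""
    return [(s, validate_feeling(s), is_inert(render_widget_text(s))) for s in inputs]


if __name__ == "__main__":
    for s, allowed, inert in check_all():
        print(f"allowed={allowed!s:5} inert={inert!s:5} {s!r}")
```

Validation rejects the two markup samples outright, and escaping makes all three inert even if validation were skipped; the defence-in-depth point is that the second control does not depend on the first.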

PoC :
http://profiles.friendster.com/crazydavincidotnet

As usual, remember that this is only a temporary method to insert a linker until they find out what we're doing with their widget. Lolz, it feels like I'm the only one still playing with the Friendster team :D

Happy tweaking ;)


9 Responses to “Friendster XSS Through FBML”

  1. mardagz Says:

    Nice one.. thank you so much for this,,
    By the way, can I post this application to my forum?
    I will add credit to crazydavinci.

  2. Joy Says:

    @mardagz
    Ah yes bro. I don't care anymore about being filtered by the team now.
    You can post it on your forum, I miss the old Friendster community.
    Facebook really rules now.

  3. nad Says:

    Filtered again.. =(

  4. Soni Says:

    Dear Joy,
    Thank you so much for finding the new FS XSS. Unfortunately only a few Indonesian people still remain active in editing their profile; I'm one of them, so I'm still waiting for your info, and finally, THANK YOU so much. I think you should post on Bli Oka's forum. Thank you :)

  5. Joy Says:

    @nad11
    Nope, it's still active..

    @soni
    Ah yes bro, Facebook really rules now. Yep, this has been posted on forum balikita as well :)

  6. shane Says:

    It's been filtered already. Crazy, can you make one again?

  7. RickAdam Says:

    App not found.

  8. ogie Says:

    ihirrrr…. filtered.. when will a new one come out again… cetok cetok

  9. Joy Says:

    @all
    Will be posted soon..
    Have to make a decision which one to release next ;)
