XSS on Twitter

Posted by: Joy  :  Category: Vulnerability

Searching for XSS holes on social networking websites is really fun indeed. It feels like you have your own satisfaction whenever you find one by yourself. The XSS vulnerabilities on Tagged, Multiply, Friendster or even Facebook have been posted here before and some have not been patched.. lolz..

About a month ago, when I was too busy with my daily activities in real life, I didn't realize that one of our mods on Forum Balikita named H4×0r-x0x found one again on Twitter. I'm amazed, good job dude. If I'm not mistaken the vulnerability is in Twitter's OAuth application module, especially in the application name

Read more…

XSS On Friendster

Posted by: Joy  :  Category: Vulnerability

Recently, many Friendster users have left and moved to Facebook. That's probably because Facebook provides more ease of use and interactivity than Friendster: many cool games, chat, useful applications, etc. Friendster seems to be following Facebook now too; they have tried to add everything Facebook has to their page. They even tried to provide us a chat facility like the one on Facebook, but it has not been implemented until now. There are some more things Friendster tries to copy; you can see it in their activity stream, link sharer, etc.

OK, let's go straight to the topic. I accidentally found another XSS vulnerability, "again", in one of their files, named sharer.php. It doesn't sanitize its parameters correctly.

Read more…

XSS On Multiply

Posted by: Joy  :  Category: Vulnerability

Status : Active

Multiply is a social networking service with an emphasis on allowing users to share media - such as photos, videos and blog entries - with their "real-world" network. The website was launched in March 2004 and is privately held with backing by VantagePoint Venture Partners, Point Judith Capital, Transcosmos, and private investors. Multiply has over 11 million registered users. The company is headquartered in Boca Raton, Florida.

Multiply is also known for stronger user security than most social networking sites. Users can limit who can view each item on their site by setting its security setting to Public, Private (network only), or Private (invite only).

Read more…

XSS on Tagged

Posted by: Joy  :  Category: Vulnerability

Status : Active

Tagged is the 3rd largest social network in the US, and has over 80 million members worldwide. Lately I have also found a hole that allows inserting an XSS vector on their profile page. You can see it live on this page

Screenshot:
XSSed on Tagged

Read more…