Friendster XSS Through FBML

Posted by: Joy  :  Category: Linker, Vulnerability

Friendster FBML Hole Status : Active
Released : August, 2010
Author : no_one
Greetings : Angell de Ville & The Friendster Team

MyFeeling Widget Linker

The last shoutout linker has been filtered already about a month after being released. Now i’m trying to share again another persistent xss on friendster that can be used to add layouts to our profile. Here, we’re gonna use the old FBML platform on friendster applications. as you might already know, actually this platform was already removed from their developer page about a year ago, but some of the old ones are still intact.

OK, let’s just go straight to the steps. Follow these instructions carefully :
Read more…

XSS on Twitter

Posted by: Joy  :  Category: Vulnerability

Twitter XSS Searching for XSS hole on social networking websites is really fun indeed. It feels like you have your own satisfaction whenever you find it by yourself. the XSS vulnerability on Tagged, Multiply, Friendster or even Facebook have been posted here before and some has not been patched.. lolz..

About a month a go, when i was too busy with my daily activites on the real life, i didnt realize that one of our mods on Forum Balikita named H4×0r-x0x found one again on twitter, i’m amazed, good job dude. If i’m not mistaken the vulnerability left on twitter oauth application module, especially on application name

Read more…

Facebook Visitor Info

Posted by: Joy  :  Category: Facebook Tips

Facebook Visitor Log Here i go again, right now i’m gonna write a brief review to the social network application i made on last may 2010. As it shows users their own private information such as basic info, birthday, address, mobile number, ip address, email and website, etc, i call it Facebook Visitor Info.

Screenshot :
Read more…

XSS On Friendster

Posted by: Joy  :  Category: Vulnerability

Friendster XSSRecently, many friendster users leave and move to facebook. That’s probably because facebook provides more easyness and interactivity than friendster, many cool games, chat, usefull applications, etc. Friendster seems to follow facebook too now, they tried to add anything facebook has on their page. They even tried to provide us chat facility like the one on facebook, but it has not been implemented yet untill now. There are some more things that friendster try to follow, you can see how their activity stream, also link sharer, etc.

OK, let’s go straight to the topic, i accidentally found another XSS vulnerability “again” on their file, named sharer.php. It doesnt sanitize parameter correctly.

Read more…