[37360] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

XSS in TheFaceBook round 2

daemon@ATHENA.MIT.EDU (Alex Lanstein)
Mon Nov 15 14:13:53 2004

Date: 15 Nov 2004 05:31:26 -0000
Message-ID: <20041115053126.28377.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Alex Lanstein <alex.lanstein@gmail.com>
To: bugtraq@securityfocus.com

Authors:    Alex Lanstein, Ivo Parashkevov
Date:       November 15, 2004

Affected Software:           TheFaceBook - All Versions
Software URL:                http://www.thefacebook.com

TheFaceBook, a popular college networking (social, not technological) tool is vulnerable
to many XSS holes in it's search and editing methods.  

In contact.php, the "New School" field is vulnerable to an XSS attack.

No POC needed, just put whatever code you want into the field.  Might want to check on that Email field too...I smell another sql attack :-)

greets to luthy, pramod, cc summer crew 2003, and of course, gab :-)


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[37360] in bugtraq

XSS in TheFaceBook round 2

daemon@ATHENA.MIT.EDU (Alex Lanstein)Mon Nov 15 14:13:53 2004

daemon@ATHENA.MIT.EDU (Alex Lanstein)
Mon Nov 15 14:13:53 2004