WHID 2006-18: Myspace.com - Intricate Script Injection Vulnerability

Forget putting <script> tags in input field. This high tech vulnerability exploits the code handling online/offline flags by inserting a malicious online/offline flag. Awesome.

Additional information:

Myspace.com - Intricate Script Injection Vulnerability [Justin Lavoie, Apr 5 2006]

Attack Method:

Cross Site Scripting (XSS)

Incident Outcome:

Disclosure Only

Add new comment

WHID 2006-18: Myspace.com - Intricate Script Injection Vulnerability

Science or Religion?

Further Research

Presentations

You are here

WHID 2006-18: Myspace.com - Intricate Script Injection Vulnerability

Science or Religion?

Further Research

Presentations