MySpace Scripts - Poll Creator JavaScript Injection Vulnerability Nov 22 2007 05:26PM
DoZ HackersCenter com
[HSC]MySpace Scripts - Poll Creator JavaScript Injection Vulnerability

Our MySpace Poll Creator script is the ultimate addition to your MySpace resource

site. The script enables your user to quickly and easily create a poll that they

can post to profile or bulletin to all their friends. Everyone loves to create a

poll and gather opinions and this isn't something that's available on every other

MySpace resource site.

Hackers Center Security Group (

Credit: Doz

Risk: Medium

Class: Input Validation Error


Product: MySpace Scripts - Poll Creator

* Attackers can exploit these issues via a web client.

Cross-Site Scripting:

Example of Advance Exploitation of the Application:

Once we have found that the application is vulnerable to JavaScript Injection we see

that there is a form that will be our source of input to alter page source code the Files.

Now we can advance this type of attack by injecting an evil script trough

/poll/index.php?action=create_new. Now we can inject any code into the Raw From Box

and submit. This will leave a persistent Code on the Server side.


Only becoming a Ethical Hacker, you can stop a Hacker. Learn with out having

to pay thousands!- - The most comprehensive security

pack you will ever find on the net!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus