On 10/12/07, Fabio N Sarmento [ Gmail ] <[EMAIL PROTECTED]> wrote:
> Greetings!
> Doing hard searches and working hard seeking for xss holes we finally found!

You surely mean ``ass holes''?

> The new hole is in the description of the pic, you can put html encode chars
> like this.
>
> & l t ; meta http-equiv="refresh" content="0;url=http://suafakeaqui" & g t ;
>
> &lt; means < (minus) or open tag.
> &gt; means > ( more ) or close tag.
>
> So you can build great javascripts to steal cookies and whatever you want ;)
>
> Proof of concept:
>
> My Profile:
> http://www.orkut.com/Album.aspx?uid=4196484633792069568 (
> just a javascript with location.href='mypersonalwebsite.com' )
>
> Thanks to Pedro Boara ( http://www.suspensa.info )
>
> Att;
> Fábio N Sarmento
> Programmer
> São Paulo / Brazil
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
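An added example, not part of the original post or of Orkut's code: a defender-side check for the case the quoted message describes, where markup is hidden behind HTML character references in a text field. The function names, the regular expression and the sample string (with a placeholder URL) are assumptions made for illustration; how the affected site actually processed the field is not stated in the thread.

```python
import html
import re

# Constructed sample in the form the quoted message describes: markup
# hidden behind character references. The URL is a placeholder.
SAMPLE = '&lt;meta http-equiv="refresh" content="0;url=http://example.invalid/"&gt;'

# "<" followed by a letter, "/letter" or "!" is what an HTML parser
# treats as the start of a tag or declaration.
TAG_RE = re.compile(r"<(?:/?[A-Za-z]|!)")


def canonicalize(text, max_rounds=5):
    """Decode character references until the text stops changing,
    so single- and double-encoded input reach the same form."""
    for _ in range(max_rounds):
        decoded = html.unescape(text)
        if decoded == text:
            break
        text = decoded
    return text


def naive_has_markup(text):
    """Weak check (hypothetical): inspects only the raw submitted text."""
    return bool(TAG_RE.search(text))


def has_markup(text):
    """Stronger check: inspects the canonical form, so encoded
    brackets are seen as the tags they would become."""
    return bool(TAG_RE.search(canonicalize(text)))


def render_description(text):
    """Treat the stored description as data: escape exactly once at
    output, never decode it on the way into the page."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    print("raw check flags sample:      ", naive_has_markup(SAMPLE))
    print("canonical check flags sample:", has_markup(SAMPLE))
    print("escaped for output:          ", render_description(SAMPLE))
```

Escaping at output is the control that matters here; the canonical-form check is useful for logging and review of submitted descriptions, not as a substitute for it.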
