Justin Lavoie came up with a rather interesting DOM based XSS vector for MySpace using String.fromCharCode inside of an improperly sanitized parameter. Pretty tricky. Nice job, Justin!

This entry was posted on Thursday, January 1st, 1970 at 12:00 am and is filed under XSS, Webappsec. You can leave a response as well.