web application security lab

MySpace 0-Day Again (Again (Again))

digi7al64 found yet another hole in MySpace using a non-alpha-non-digit exploit. This time, like last time, MySpace is doing a bad job of stripping out tags. This is the fifth time they’ve been hit by this exact same issue. MySpace should really consider hiring someone who knows how to write while loops. Until then they are vulnerable yet again. The trick is again simple:

<body onload<script=alert('xss');> becomes: <body onload..=alert('xss');> because they strip out the <script tag without recursively iterating over the same string to ensure they haven’t created another vector.

Like Forrest Gump might have once said, “Blacklist stripping is like a box of chocolates - you know what you’re going to get.” You never know what the data is going to end up looking like until you’re done stripping it, which is why you need to recursively go over the text over and over until you have found nothing. This is a hard lesson to learn I guess. Nice job, digi7al64!
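The single-pass failure and the repeat-until-stable fix described above, as an added Python example that is not from the original post or from MySpace's code. The two blacklist rules and the `..` replacement are assumptions modelled on the output shown above.

```python
import re

# Hypothetical blacklist, applied in order. MySpace's real rules are not on
# the page; these two are assumptions chosen to reproduce the output it shows.
RULES = [
    # inline event handlers, tolerating non-alphanumeric filler before '='
    re.compile(r"\bon\w+[^\w>]*=", re.I),
    # opening script tags
    re.compile(r"<\s*script", re.I),
]
REPLACEMENT = ".."  # assumption: matches the '..' left behind in the post


def strip_once(text):
    """Apply every rule exactly once, in order (the flawed approach)."""
    for pattern in RULES:
        text = pattern.sub(REPLACEMENT, text)
    return text


def strip_until_stable(text, max_passes=50):
    """Re-run the whole rule set until a pass changes nothing."""
    for _ in range(max_passes):
        cleaned = strip_once(text)
        if cleaned == text:
            return cleaned
        text = cleaned
    # Every match is longer than REPLACEMENT, so each pass shrinks the input
    # and this is not expected to trigger; fail closed if it ever does.
    raise ValueError("input did not stabilise; reject it")


def still_matches_blacklist(text):
    """True if any blacklisted pattern survives in the filtered output."""
    return any(pattern.search(text) for pattern in RULES)


# The string from the post above.
SAMPLE = "<body onload<script=alert('xss');>"

if __name__ == "__main__":
    for name, fn in (("one pass", strip_once), ("until stable", strip_until_stable)):
        out = fn(SAMPLE)
        print(f"{name:13} {out!r} blacklist hit: {still_matches_blacklist(out)}")
```

The loop only guarantees that none of the listed patterns remain in the output; it says nothing about input the blacklist never named.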

4 Responses to “MySpace 0-Day Again (Again (Again))”

  1. RSnake Says:

    Also posted by SystemOfAHack http://myspace.com/Modules/Search/Pages/Search.aspx?fuseaction=advancedFind.results&t='%29;alert%28'XSS%20kthxbye

    Which works in both IE and Firefox. Originally posted here: http://sla.ckers.org/forum/read.php?3,44,page=35#msg-4919

    Nice job, SystemOfAHack!

  2. chlog.net » Myspace.com full of holes once again Says:

    […] For the 5th time already, ha.ckers.org is reporting a security hole on myspace.com. […]

  3. digi7al64 Says:

    This particular string has been fixed (though the issue is still there)

    New Vector posted here
    http://sla.ckers.org/forum/read.php?3,5013

  4. Another 0-day MySpace XSS Exploit » Says:

    […] source: ha.ckers.org […]