Friday, April 23, 2010

Photobucket XSS Defacement

Photobucket is the premier site on the Internet for uploading, sharing, linking and finding photos, videos and graphics. Your free Photobucket account can store thousands of photos and hours of video.
And one of the many sites vulnerable to cross-site scripting ( XSS ) HTML injection and redirect.Small problem that can cause damage to many users and visitors.

Screenshots and proof of concept:



xss alert poc here and here and redirect to google








Be carefull and take a look at Microsoft Recommends NoScript

2 comments:

Pento said...

Classic XSS in search page

r1z said...

Dev1l, Check SQL Injection in Redhat.com !
ec
http://sec-r1z.com/showthread.php?t=6834

full PoC picutre

http://sec-r1z.com/images/Redhat/

Thanks!
SecurityRules.