Monday, May 23, 2011

Facebook Vulnerable to HTML Injection

Well lemme go straight to the point.

Facebook IS again vulnerable, this time to a HTML Injection vulnerability.

The exploit actually allows a malicious user to insert malicious HTML-based content within client web requests.

Let's take a look at the P.O.C. below

I actually have this in the url

Lets take a look at the body

Now, lets see a combination of the Title & Body using the famous Peter Attah Nigerian Scam Letter

The malicious user's imagination is his/her only limit!

No comments:

Post a Comment