XSS vulnerability found in Russia's biggest social network, odnoklassniki.ru

Grey-hat hackers Sony and Flexxpoint have come up with an interesting find: a cross-site scripting (XSS) vulnerability in Odnoklassniki. Odnoklassniki (Одноклассники in Russian, "Classmates") is a social network service for reuniting classmates and old friends, popular in Russia and other former Soviet republics. It was created by Albert Popkov on March 4, 2006.

They provided the vulnerable link and a video demonstrating the vulnerability:

http://www.odnoklassniki.ru/dk?st.cmd=appSearchResultList&st.isEmpty=off&st.query=%22%22%3E%3Cscript%3Ealert%28%22Odnoklassniki.ru%20Cross%20Site%20Scripting%22%29%3C/script%3E%3Ciframe%20src=%22http://xssed.com%22%3E

To verify the vulnerability, we have to log in, because the page is available only to logged-in users.
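The following is an added example, not part of the original post and not the site's code: it decodes the `st.query` parameter from the link above and compares a verbatim reflection with an HTML-escaped one. The post does not say where the value is reflected; the `TEMPLATE` string and the quoted-attribute context are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# The link exactly as published above, split only for line length.
POC_URL = (
    "http://www.odnoklassniki.ru/dk?st.cmd=appSearchResultList&st.isEmpty=off"
    "&st.query=%22%22%3E%3Cscript%3Ealert%28%22Odnoklassniki.ru%20Cross%20Site"
    "%20Scripting%22%29%3C/script%3E%3Ciframe%20src=%22http://xssed.com%22%3E"
)
# Hypothetical template: assumes the search term is echoed into a quoted attribute.
TEMPLATE = '<input name="st.query" value="{}">'

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the markup."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def search_term(url):
    """Return the percent-decoded st.query value, as the server receives it."""
    return parse_qs(urlsplit(url).query)["st.query"][0]

def render_unsafe(term):
    """Reflect the term verbatim: the flawed behaviour."""
    return TEMPLATE.format(term)

def render_escaped(term):
    """Reflect the term with HTML entity encoding, quotes included."""
    return TEMPLATE.format(escape(term, quote=True))

def tags_in(markup):
    """List the elements the markup creates when parsed."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    term = search_term(POC_URL)
    print("decoded term:", term)
    print("verbatim reflection creates:", tags_in(render_unsafe(term)))
    print("escaped reflection creates: ", tags_in(render_escaped(term)))
```

The leading `"">` in the decoded term closes the attribute and the tag, so everything after it is parsed as new markup unless the quotes and angle brackets are encoded on output.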
