From: Fabio N Sarmento [ Gmail ] (fabior2gmail.com)
Date: Fri Oct 12 2007 - 15:13:03 CDT
Doing hard searches and working hard looking for XSS holes, we finally found one!
The new hole is in the description of the pic; you can put HTML-encoded chars:
&lt;meta http-equiv="refresh" content="0;url=http://suafakeaqui"&gt;
&lt; means < (minus) or open tag.
&gt; means > ( more ) or close tag.
*Proof of concept:*
My Profile: http://www.orkut.com/Album.aspx?uid=4196484633792069568 ( just a
Thanks to Pedro Boara ( http://www.suspensa.info )
Fábio N Sarmento
São Paulo / Brazil
Full-Disclosure - We believe in it.
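The following is an added example, not part of the original post and not Orkut's code. It models one way this class of bug arises, on the assumption that input is checked only for raw angle brackets and that entities are decoded before the description is rendered, and contrasts it with escaping at output. All function names and the sample URL are hypothetical.

```javascript
// Constructed model of the flaw class described in the post; names are hypothetical.
const ENTITIES = { lt: '<', gt: '>', amp: '&', quot: '"' };

// Decode the handful of named entities relevant here.
function decodeEntities(s) {
  return s.replace(/&(lt|gt|amp|quot);/g, (_, name) => ENTITIES[name]);
}

// Escape untrusted text for an HTML text context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Weak (assumed behaviour): rejects raw angle brackets on input,
// then decodes entities before writing the value into the page.
function renderDescriptionWeak(input) {
  if (/[<>]/.test(input)) throw new Error('markup not allowed');
  return '<p class="desc">' + decodeEntities(input) + '</p>';
}

// Hardened: no input blacklist; the stored value is treated as data
// and escaped at the point of output.
function renderDescriptionSafe(input) {
  return '<p class="desc">' + escapeHtml(input) + '</p>';
}

// Regression check: does anything inside the wrapper parse as a tag?
function containsInjectedTag(html) {
  const inner = html.replace(/^<p class="desc">/, '').replace(/<\/p>$/, '');
  return /<[a-zA-Z!\/]/.test(inner);
}

// Constructed sample input in the shape the post describes (placeholder URL).
const sample =
  '&lt;meta http-equiv="refresh" content="0;url=http://example.invalid/"&gt;';

function demo() {
  return {
    weakInjects: containsInjectedTag(renderDescriptionWeak(sample)),
    safeInjects: containsInjectedTag(renderDescriptionSafe(sample)),
    safeHtml: renderDescriptionSafe(sample),
  };
}
```

In the hardened path the description is displayed to the viewer as the literal characters that were typed, because every `&` is escaped again on output.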