Myspace Exploit!
I wrote the below about 3 months ago (mid july) and published it, but a day later decided to remove the post from my blog - one such exploit like this that was found before took myspace offline for a few hours. It appears myspace have now fixed (well, partly..) the issue I've documented here, so I now consider it safe to publish.
Seems I've foudn a way of exploiting a hole in myspace's XSS filters!
Myspace block all kinds of common XSS exploits from your profile, however, I've found a way around it! I did email them explaining that I took 2 hours trying to find it, and asking if they offered any incentive to report it to them - but I didn't hear back. I guess I might as well publish it then...
<div <img />
href="#" onmouseover="alert('moo')">w00t</div>
Using that foothold, I'm sure there's many things you could do....
Odd XSS quirk in google videos
I don't think this is exploitable, but here's the details that I reported to google...
Bug with your XSS filters.
when viewing a view, you have a bar down the right hand side of the screen.
There is a bug in what I presume is your cross site scripting filter.When it encouters a ' (single quote) within a string, it generates undesired results.
For example:
<a href="/videoplay?docid=2421984664875201064" onclick='setSessionCookie(VP_playlistCookieName, "...,", VP_cookieDomain); setSessionCookie(VP_playlistIndexCookieName, -1, VP_cookieDomain);' title="Steve Irwin How I" d="" like="" to="" be="" remembered="">Steve Irwin How I'd Like to...</a>Notice how the 'title' attribute of the <a> tag has been formatted, causing the title string to be formatted as additional attributes to the <a> tag
Last time a friend found a bug and reported it, it took a shockingly long time for google to fix it ...