Damn Friendster!

December 11, 2007 | By Makkez In Area 51 |

It seems that Friendster had updated their filtration system again, but this time, with tight upgrades. I can’t even execute a single XSS test or a simple javascript alert box and that really pisses me off!

Previously, these methods could be performed in Friendster :

  • <%BCstyle>blabla
  • The conversion of normal codes into encrypted Hex codes
  • The infamous, “expr/**/ession” CSS tag which works only in IE
  • The conversion of “<" and ">” tags into encrypted formats
  • That’s all to name a few


    • Currently, I’m the process of implementing some PHP codes into a Friendster profile which would then redirect the profile to another site, thus executing the codes. But, Friendster is so brilliant that it would filter whatever link that ends with blahblah.php, and making the corresponding codes invisible when viewing the source. So, I managed to implement the PHP codes into a JPG file, then letting the directory of the JPG file to recognise the JPG file as a PHP file using the MIME-Type and .htaccess, and finally, implementing the JPG file into a Friendster profile as a ‘normal image’.

    I’ve tried this method before and it worked! But, now, it doesn’t seemed to be promising. It looks like I got to perform some tweaks on this method in order for it to be successfully executed in Friendster!



    Related posts:

  • Arghhh… Get a life lar!
  • New Section – Friendster Comments
  • View ‘private’ Friendster profile’s photos!

    • 2 Responses for "Damn Friendster!"

    1. Avatar tulipspeaks December 11th, 2007 at 4:24 pm

      hie. thanks for visiting.

      ammu.

    2. Avatar NiRa_7xXx7 A.K.A Dj-X December 12th, 2007 at 3:41 am

      Neegeh yaru mike.. Friendster/Coding ler “khiladi” :lol:


    Have something to say? Leave your reply now!