Zynga Petville suffers from a cross-site scripting vulnerability.
dc04e63dfe4b99e29c027ca6bf88c0fe84a065f6dfd3f43f820da1144504d024
_______ ________________ __ _____________
_______ \ _ \ \ _ \______ \ | _/_ \______ \ __ _ __
\_ __ \/ /_\ \/ /_\ \ / / |/ /| | / / ______ \ \/ \/ /
| | \/\ \_/ \ \_/ \/ /| < | | / / /_____/ \ /
|__| \_____ /\_____ /____/ |__|_ \|___| /____/ \/\_/
\/ \/ \/
-------------------------------------------------------------------------------------------------------------------------------------------------
TITLE: Type-0 XSS bug in ZYNGA PETVILLE (Facebook apps)
vendor: www.apps.facebook.com/petvillegame/
Author: r007k17-w a.k.a Raghavendra Karthik.D
Email: n4gb07@gmail.com
My blog: https://shadowrootkit.wordpress.com/
Google Dork: Copyright 2010 Zynga Game Network Inc
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
DEMO: https://apps.facebook.com/petvillegame/money.php?ref=&pv_session="><iframe src="https://www.google.com"></iframe>
SUG: HTML encoding, escaping special characters, input sanitization.
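
The fix suggested above, as an added example that is not part of the original advisory and not Zynga's code. It assumes the page places pv_session inside a double-quoted HTML attribute; the hidden-input markup, the function names and the token format are hypothetical.

```javascript
// Constructed sample: the DEMO request from the advisory, with the parameter
// percent-encoded the way a browser would send it.
const DEMO_URL =
  'https://apps.facebook.com/petvillegame/money.php?ref=&pv_session=' +
  encodeURIComponent('"><iframe src="https://www.google.com"></iframe>');

// Assumed vulnerable pattern: the raw parameter is concatenated into an
// attribute value, so a leading "> closes the attribute and the tag.
function buildFieldUnsafe(pageUrl) {
  const session = new URL(pageUrl).searchParams.get('pv_session') || '';
  return '<input type="hidden" name="pv_session" value="' + session + '">';
}

// HTML encoding: replace every character that can end an attribute value or
// start a tag with its numeric character reference.
function encodeHtmlAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Input validation (hypothetical token format): 1-64 chars of [A-Za-z0-9_-].
const SESSION_RE = /^[A-Za-z0-9_-]{1,64}$/;

function isValidSession(value) {
  return SESSION_RE.test(value);
}

// Hardened form: reject values outside the allowlist, and still encode what
// is written, so the output stays safe if the allowlist is loosened later.
function buildFieldSafe(pageUrl) {
  const raw = new URL(pageUrl).searchParams.get('pv_session') || '';
  const session = isValidSession(raw) ? raw : '';
  return '<input type="hidden" name="pv_session" value="' +
    encodeHtmlAttr(session) + '">';
}
```

In browser code, assigning the value through a DOM property (for example `input.value = session`) avoids building markup from strings at all.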
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
gr33t1ngs to s1d3-3ff3cts and all my friends