fixed!

if (substr($PARAMS['_url'], 0, 4) != 'http') {
die('protocol not supported!');
}

the code was a part of an experimental hack that slipped into our deployment tree. given the fact that you posted this a couple of minutes ago, you should give us some credit for the quick response/fix.

could do, but this is an experimental project and we are not planning it to take it any further then that. maybe add support for hiding the refer etc, it is poc after all. btw, AttackAPI can do this and even more without the need for a server side script to forward the request.

btw, we are not a security group, although most of the stuff we do are related to security. we are a think tank organization. many thanks

M, what's so funny?

christ1an, the problem I see here is that most XSSers on slackers and other sites take their XSS findings too serious. I don't give a damn who found what vulnerability on what site. So what? We all know what XSS is and finding it is not that of a problem. Here if you want I can provide you a script that uses Google to located XSS in the top 100 sites from ALEXA if you want. It is like finding BF in apps. Run a fuzzer and then you might crash your browser in 50 different ways. Do you know how to take advantage of the findings? Or shall we attack Safari cuz it is still in beta and we can make a name out of it. Grow up. my man.

XSS - I expect to find more problems on that matter in GC. In fact, I was surprised that no one has take an advantage of an obvious exploit in the UTIL toolkit I discussed some time ago (see http://www.gnucitizen.org/blog/how-i-almost-got-hacked). Cheers