# Date: 2.03.2012
# Author: Sony
# Web Browser: Mozilla Firefox
# PoC: http://st2tea.blogspot.com/2012/03/photobucketcom-cross-site-scripting.html
..................................................................

Simple.

Step 1. Our Profile: put our XSS code in the First name and Last name fields and save.

http://4.bp.blogspot.com/-I9QBe6Z9L9E/T1EhvEIEnvI/AAAAAAAAAqQ/WwB9tVeKMxM/s1600/bitprofile.JPG

Step 2. Open the page: http://smg.photobucket.com/friendfinder

http://1.bp.blogspot.com/-CHp6f4fATvA/T1EmmTbcISI/AAAAAAAAAq0/NGCX-uzlYbo/s1600/invite.JPG

Press the invite friends button and enjoy!

We can see a persistent XSS bug. But it's not a critical bug.

http://1.bp.blogspot.com/-sp1z4JfHDKw/T1EigdYMneI/AAAAAAAAAqc/7_MxhIFCoUk/s1600/bit.JPG
http://3.bp.blogspot.com/-dqcyRCpCsRI/T1Eij84U_qI/AAAAAAAAAqo/ckJflJu4TdE/s1600/bit1.JPG

..................................................................

InSecurity.Ro
Because we care, we're security aware!
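
The name fields are saved in Step 1 and rendered on a different page in Step 2, so the fix belongs at the point of output. The following is an added example, not part of the original advisory and not Photobucket's code; the function names, markup and sample values are hypothetical. It puts an invite view that concatenates the stored fields beside one that encodes them, with a check that stored markup does not survive into the page:

```javascript
'use strict';
// Added example: all names, markup and values here are hypothetical.

// Encode the characters that can change meaning in HTML text and in
// quoted attribute values.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed profile record: the name fields hold markup instead of a
// name, as they would after Step 1. The values are inert markers.
const storedProfile = {
  firstName: '<b>First</b>',
  lastName: '"><i>Last</i>',
};

// Vulnerable sink: the invite view concatenates stored fields into markup,
// once as element text and once as an attribute value.
function renderInviteUnsafe(profile) {
  return '<p class="invite">' + profile.firstName + ' ' + profile.lastName +
         ' invites you</p><input name="from" value="' + profile.firstName + '">';
}

// Hardened sink: every stored field is encoded where it is written out,
// so it is displayed as text no matter what was saved.
function renderInviteSafe(profile) {
  const first = escapeHtml(profile.firstName);
  const last = escapeHtml(profile.lastName);
  return '<p class="invite">' + first + ' ' + last +
         ' invites you</p><input name="from" value="' + first + '">';
}

// Regression check for any page that shows profile data: true if a stored
// value containing markup characters appears unencoded in the output.
function leaksMarkup(html, profile) {
  return [profile.firstName, profile.lastName]
    .filter((v) => /[<>"']/.test(v))
    .some((v) => html.includes(v));
}

console.log('unsafe view leaks markup:', leaksMarkup(renderInviteUnsafe(storedProfile), storedProfile));
console.log('safe view leaks markup:  ', leaksMarkup(renderInviteSafe(storedProfile), storedProfile));
```

The same check can run against every view that displays the name fields, since a stored value reaches pages other than the one where it was entered.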