Comments on: SuperPoke XSS Vulnerability http://theharmonyguy.com/2009/06/12/superpoke-injection-vulnerability/ Investigating privacy and security issues in online social networking Thu, 09 Feb 2012 10:47:20 +0000 hourly 1 http://wordpress.org/?v= By: theharmonyguy http://theharmonyguy.com/2009/06/12/superpoke-injection-vulnerability/comment-page-1/#comment-5032 theharmonyguy Sat, 11 Jul 2009 01:44:27 +0000 http://theharmonyguy.com/?p=91#comment-5032 @[comment removed]: I'm working now on a far less technical explanation of how these problems work. As you can see from my site, I've been tinkering with Facebook apps for quite a while. I noticed that SuperPoke was using an insecure setup a while ago, but it wasn't that big a deal until Facebook introduced access to the API via JavaScript, which enabled my proof-of-concept exploit. @[comment removed]: I’m working now on a far less technical explanation of how these problems work.

As you can see from my site, I’ve been tinkering with Facebook apps for quite a while. I noticed that SuperPoke was using an insecure setup a while ago, but it wasn’t that big a deal until Facebook introduced access to the API via JavaScript, which enabled my proof-of-concept exploit.

]]> By: meh http://theharmonyguy.com/2009/06/12/superpoke-injection-vulnerability/comment-page-1/#comment-4009 meh Sat, 13 Jun 2009 10:19:23 +0000 http://theharmonyguy.com/?p=91#comment-4009 "I thought it would not be wise to release details publicly given the significance of this attack" haha yah, that's why you've had such a response. This is mickey mouse garbage. Go "superpoke" your boyfriend, your not a "security researcher'. “I thought it would not be wise to release details publicly given the significance of this attack” haha yah, that’s why you’ve had such a response. This is mickey mouse garbage. Go “superpoke” your boyfriend, your not a “security researcher’.

]]>