_____ _   _ _____  _____ _____ _____
  /  ___| |_| |  _  \|  _  |  _  |_   _|
  | (___|  _  | [_)_/| (_) | (_) | | |
  \_____|_| |_|_| |_||_____|_____| |_|
         C. H. R. O. O. T.  SECURITY  GROUP
         - -- ----- --- -- -- ---- --- -- -
                      http://www.chroot.org

                          _   _ _ _____ ____ ____ __  _ 
        Hacks In Taiwan  | |_| | |_   _|  __|    |  \| |
        Conference 2009  |  _  | | | | | (__| () |     |
                         |_| |_|_| |_| \____|____|_|\__|
                                      http://www.hitcon.org




  Subject======:: Several Blog Providers Critical Security Vulnerability

  Author ======:: unohope [at] chroot [dot] org

  IRC =========:: irc.chroot.org #chroot

  Snapshot ====:: http://www.chroot.org/advisory/chroot_uu_bg.rar

  Content =====:: There are several blog providers critical security vulnerability,
                  myspace, blogger, pixnet, xuite, roodo, sina, yam, vlog tvbs, calldoor and etc ..

                  Allows malicious code injection by any web user into the web pages,
                  has been exploited to craft powerful phishing attacks and browser exploits,
                  also contained one-click attacking, sidejacking, session riding or clickjacking and blah ..
                  kind of vulnerabilities to exploit the trust that a site has for a particular user.

                  ** Just for educational purposes, DO NOT use for illegal. **