Lots of friendship network sites are coming up these days following the success of Orkut. Another one, supposedly originating from the same Stanford University, is yaari.com, targeted mainly at Indian users. The site's look and functionality seem fine, but it is full of XSS (cross-site scripting) holes. Almost all the fields can be bugged.
The only thing that amazes me is that the site has used PHP. PHP has such a wonderful list of functions that can take care of the XSS problem. I wonder why no one is using those. I guess people are unaware of the XSS problem, or is it that they just underestimate it?
If anyone from the administrative department of yaari happens to be reading this, please post a comment on "Why have you ignored XSS?"
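As an added illustration (not code from this post or from yaari.com), here is how PHP's built-in `htmlspecialchars()` and `parse_url()` can encode member-supplied profile fields at output time. The helper names `html_escape` and `safe_url` and the sample profile are assumptions made up for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode text for an HTML element body or a quoted attribute.
function html_escape(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: HTML encoding alone does not neutralise a javascript: link,
// so only http and https URLs are allowed into an href.
function safe_url(string $url): string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';
    }
    return html_escape($url);
}

// Constructed sample profile, standing in for fields a member submitted.
$profile = [
    'name'     => 'Asha <script>alert(1)</script>',
    'about'    => '"Cricket" & movies',
    'homepage' => 'javascript:alert(1)',
];

// Vulnerable pattern: stored input echoed straight into the page.
// echo '<h1>' . $profile['name'] . '</h1>';

// Hardened rendering: every field is encoded for the context it lands in.
printf("<h1>%s</h1>\n", html_escape($profile['name']));
printf("<p title=\"%s\">%s</p>\n", html_escape($profile['about']), html_escape($profile['about']));
printf("<a href=\"%s\">homepage</a>\n", safe_url($profile['homepage']));
```

The script element in the name field comes out as inert `&lt;script&gt;` text, and the `javascript:` homepage is replaced with `#`.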
Thanks, Mr Nobody,
XSS is on DesiMartini.com too