XSS Fragmentation and MySpace 0day
At the simplest level, fragmentation attacks are possible when several fragments, which are by themselves not a security risk and can therefore be allowed to pass through a filter or firewall, but when the fragments reach their destination the fragments are combined and produce something dangerous.
The actual exploit is using <body foo=’ in your “Music Interests” box for your profile.
It then puts everything splitting the Music and Film sections into the foo attribute. In the Movies section of your interests you put ‘ onLoad=’alert(“xss”);> This turns out something like this.
Live code. Uses Malucs CSRF of changing your Preferred language to french.