This time, instead of publishing a new blog post, I present two real-life XSS example cases from the wild. I already XSSed both cases for you. Your job is to find the root cause and explain it in the comment section or send it to me via Twitter or email. The first best detailed explanation of the following two real-life example cases will receive a small token of appreciation from my side.
1) Open the following URL in the Firefox browser:
The screenshot is also given below.
Your task is to explain how this XSS works to a naive user or beginner. A sort of indirect hint is available in one of my earlier blog posts.
2) Open the following URL in the Chrome browser:
Isn't my harmless XSS probe string ("xxxxxxxx'yyyyy</img) part of the URL? :D The screenshot is also given below.
Your task is to explain this XSS to a naive user or beginner. In fact the root cause of this XSS is: developers often do not follow the very basic and first principle of security.
I hope it would be fun.
-- Serious effort by @Zemnmez:
http://pastie.org/private/zgr3xxoj7e6shanmixrlw & http://pastie.org/private/lpxgyc9iikn9z674pswsqg
-- Attempt by @omeriko_9: