We constructed the sendurl variable based on the request URL, using Samy's friend ID (found as "owner_guid":59 ... Without these lines, our XSS attack would be unable to perform authenticated actions ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback