June 18, 2013 19:05
diff --git a/gistfile1.js b/gistfile1.js
 var ck = document.cookie;

 function getcookie(n) {
    var ar = n + "=";
    var al = ar.length;
    var cl = ck.length;
    var i = 0;
    while (i < cl) {
        j = i + al;
        if (ck.substring(i, j) == ar) {
            e = ck.indexOf(";", j);
            if (e == -1)
                e = ck.length;
            return unescape(ck.substring(j, e));
        }
        i = ck.indexOf(" ", i) + 1;
        if (i == 0)
            break;
    }
    return "";
 }
 var Rlo = "";
 var Rm = "";
 Rlo = getcookie("Rlo"); //Rlo variable is now controlled via cookie
 Rlo = unescape(Rlo).replace("+", " ")
 Rm = getcookie("Rm"); //
 if (Rlo != "" && Rm != "")  // For triggering DOM-based XSS, Rm and Rlo should be set to some value not equal to NULL
 {
  document.getElementById('username').innerHTML = "Hi <a href=\"http://mypage.rediff.com/profile/myprofile\">" + Rlo + "</a>"; //Rlo lands here, Boom! DOM-based XSS  :)
 }
	var ck = document.cookie;

	function getcookie(n) {
	var ar = n + "=";
	var al = ar.length;
	var cl = ck.length;
	var i = 0;
	while (i < cl) {
	j = i + al;
	if (ck.substring(i, j) == ar) {
	e = ck.indexOf(";", j);
	if (e == -1)
	e = ck.length;
	return unescape(ck.substring(j, e));
	}
	i = ck.indexOf(" ", i) + 1;
	if (i == 0)
	break;
	}
	return "";
	}
	var Rlo = "";
	var Rm = "";
	Rlo = getcookie("Rlo"); //Rlo variable is now controlled via cookie
	Rlo = unescape(Rlo).replace("+", " ")
	Rm = getcookie("Rm"); //
	if (Rlo != "" && Rm != "") // For triggering DOM-based XSS, Rm and Rlo should be set to some value not equal to NULL
	{
	document.getElementById('username').innerHTML = "Hi <a href=\"http://mypage.rediff.com/profile/myprofile\">" + Rlo + "</a>"; //Rlo lands here, Boom! DOM-based XSS :)
	}