Unfixed XSS vulnerability at mhphaber.com

2008-11-15T00:00:00
ID XSSED:54678
Type xssed
Reporter invisible_hacker
Modified 2009-02-07T00:00:00

Description

Security researcher invisible_hacker, has submitted on 15/11/2008 a cross-site-scripting (XSS) vulnerability affecting mhphaber.com, which at the time of submission ranked 1329010 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 02/07/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://mhphaber.com/bul_haberler.asp?aranan_haberler=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&grup_id=0&M7E2J5M6I1C2I3A8Y0Z2O4H7N9X2U5V9D8V2A6D7Z1T2A3K5P0R3G4Y7E9O3M5G5U8M3L2U7K7K3R4B5G1I3X5P8W0F3D6X6L9D3=Ara