There is an XSS (JavaScript injection) vulnerability in the home page of the Speed Bit Search Engine.
http://search.speedbit.com/
In Media:
The Hacker News:
http://www.thehackernews.com/2011/11/cross-site-scripting-vulnerability-in.html
Softpedia News:
http://news.softpedia.com/news/Indian-Hacker-Finds-Vulnerability-in-Speed-Bit-Search-Engine-233645.shtml
Technical Description of this Issue:
The XSS filter strips ordinary HTML tags such as <script> and <iframe>, but XSS can still be achieved by injecting a JavaScript event-handler attribute such as onmouseover (the proof of concept below uses onmousemove), because the filter never inspects attribute syntax.
Proof of concept:
To exploit this vulnerability, follow these steps:
1) Visit this URL
http://search.speedbit.com/?aff=grbr" onmousemove="alert(document.cookie)
2) Move the mouse cursor over the hyperlink shown in the attached POC, and a pop-up box should appear showing the browser's cookies.
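The following is an added example, not Speed Bit's code and not part of the original advisory. It models the filter behaviour described above (tags stripped, event-handler attributes untouched), assumes that the aff parameter is reflected into a quoted href attribute of a hyperlink (an assumption consistent with the PoC but not confirmed by the page), and shows why attribute-context encoding, rather than tag filtering, closes the hole. A small attribute scanner is included so the result can be checked rather than eyeballed.

```javascript
// Added example (not Speed Bit's code): models the filter behaviour the
// advisory describes and shows why tag stripping does not protect an HTML
// attribute context. The template below (the "aff" parameter reflected into a
// quoted href of a hyperlink) is an assumption, not something the page confirms.

// Payload taken from the advisory's PoC URL, as the server sees it after URL decoding.
const PAYLOAD = 'grbr" onmousemove="alert(document.cookie)';

// A blacklist filter of the kind described: it removes <script>, <iframe> and
// any other tag, but never looks at attribute syntax.
function naiveTagFilter(value) {
  return String(value).replace(/<\/?[a-z][^>]*>/gi, "");
}

// Vulnerable rendering: the filtered value is dropped into a quoted attribute,
// so a single double quote in the input ends the href and starts a new attribute.
function renderLinkVulnerable(aff) {
  return `<a href="/?aff=${naiveTagFilter(aff)}">Speed Bit</a>`;
}

// Hardened rendering: encode for the attribute context instead of filtering.
// Every character that can terminate or alter a quoted attribute value is escaped.
function encodeForHtmlAttribute(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderLinkFixed(aff) {
  return `<a href="/?aff=${encodeForHtmlAttribute(aff)}">Speed Bit</a>`;
}

// Minimal attribute scanner for the first tag in a markup string. It respects
// quoting, so an encoded &quot; inside a value is not mistaken for a delimiter.
function tagAttributeNames(html) {
  const start = html.indexOf("<");
  if (start < 0) return [];
  let i = start + 1;
  while (i < html.length && /[A-Za-z0-9]/.test(html[i])) i++; // skip tag name
  const names = [];
  while (i < html.length) {
    while (i < html.length && /\s/.test(html[i])) i++;
    if (i >= html.length || html[i] === ">" || html[i] === "/") break;
    let name = "";
    while (i < html.length && !/[\s=>\/]/.test(html[i])) name += html[i++];
    if (name) names.push(name.toLowerCase());
    while (i < html.length && /\s/.test(html[i])) i++;
    if (html[i] === "=") {
      i++;
      while (i < html.length && /\s/.test(html[i])) i++;
      const q = html[i];
      if (q === '"' || q === "'") {
        i++;
        while (i < html.length && html[i] !== q) i++; // quoted value
        i++; // closing quote
      } else {
        while (i < html.length && !/[\s>]/.test(html[i])) i++; // unquoted value
      }
    }
  }
  return names;
}

// Event-handler attributes (on*) that the server never intended to emit.
function injectedEventHandlers(html) {
  return tagAttributeNames(html).filter((n) => n.startsWith("on"));
}

console.log(renderLinkVulnerable(PAYLOAD));                   // handler survives the tag filter
console.log(injectedEventHandlers(renderLinkVulnerable(PAYLOAD))); // [ 'onmousemove' ]
console.log(renderLinkFixed(PAYLOAD));                        // quote encoded, href stays intact
console.log(injectedEventHandlers(renderLinkFixed(PAYLOAD)));      // []
```

The point of the hardened version is that output encoding is chosen by the context the value lands in: inside a double-quoted attribute the characters that matter are the quote and the ampersand, which no tag blacklist will ever touch. Blocking "<script>" says nothing about whether a value can break out of an attribute.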
The search engine might not be as popular as Google, but a large number of users could be affected if a black hat were to profit from the flaw.