[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Feb 2010 01:40:22 +0530
From: rockey killer <skg102@...il.com>
To: h4ck3r_in@...glegroups.com, sec-adv@...unia.com,
full-disclosure@...ts.grok.org.uk
Subject: Cross Site Scripting (XSS) Vulnerability in ibibo
Cross Site Scripting (XSS)
Vulnerability in ibibo
In search fields of cityads.ibibo.com
ibibo.com is India’s first entertainment and talent based social network.
It gives the youth of India a unique platform to showcase their talent,
express themselves,
create their own social network, audience and fan club and hence get
recognition.
Vulnerability
Non-Persistent Cross site scripting (XSS) vulnerability is found in
cityads.ibibo.com
Disclosure Timeline
Reported: Tue, Jan 19, 2010 at 5:23 PM
Fixed: --------------
Credits
H4CK3R Crew
http://h4ck3r.in
POC URL
http://cityads.ibibo.com/search_result.php?cate_id=&q=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&searchFrom=search_bar
--
Rockey Killer
It's all about Hacking and Security
http://h4ck3r.in/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists