[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in ibibo

To: h4ck3r_in@xxxxxxxxxxxxxxxx, sec-adv@xxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in ibibo
From: rockey killer <skg102@xxxxxxxxx>
Date: Wed, 3 Feb 2010 01:40:22 +0530

Cross Site Scripting (XSS)
Vulnerability in ibibo
In search fields of cityads.ibibo.com

ibibo.com is India’s first entertainment and talent based social network.
It gives the youth of India a unique platform to showcase their talent,
express themselves,
create their own social network, audience and fan club and hence get
recognition.


Vulnerability
Non-Persistent Cross site scripting (XSS) vulnerability is found in
cityads.ibibo.com

Disclosure Timeline
Reported: Tue, Jan 19, 2010 at 5:23 PM
Fixed: --------------

Credits
H4CK3R Crew
http://h4ck3r.in

POC URL

http://cityads.ibibo.com/search_result.php?cate_id=&q=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&searchFrom=search_bar
-- 

Rockey Killer
It's all about Hacking and Security

http://h4ck3r.in/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in ibibo
  - From: Benji

Prev by Date: [Full-disclosure] Get WinScanX Pro for FREE or $10 dollars for the month of February
Next by Date: [Full-disclosure] Nikto version 2.1.1 released!
Previous by thread: [Full-disclosure] Get WinScanX Pro for FREE or $10 dollars for the month of February
Next by thread: Re: [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in ibibo
Index(es):
- Date
- Thread