Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
XSS at www.ubbi.com.br
Posted by: FR3DC3RV
Date: January 27, 2007 09:16AM

Vuln at www.ubbi.com.br
--------------------------------------------------------------------------------

Found Date: 12/01/2007

Affected places:
Search box.

Description:
Ubbi.com.br is a Brazilian search engine, powered by Google.
After your search, the page that is created doesn't filter/encode the results, so any string you insert will run.

Example:
<script>alert('XSS')</script>

Response:
Do the basics. Filter/encode all special characters (<,>,\,/,*,&,#,%,',",-, etc.).

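The reflected-search bug and the "filter/encode" remediation from the post above, as an added example that is not code from the original post or from ubbi.com.br. The page template, the escapeHtml helper, the hasLiveMarkup check and both payloads are this example's own assumptions for illustration. It goes one step beyond the post by also reflecting the query inside the search box's value attribute, which is where most search pages echo it a second time, and by encoding rather than stripping characters, so a legitimate query such as "a < b" survives while markup does not.

```javascript
// Added example (not code from the original post or from ubbi.com.br):
// a minimal reflected-search page rendered two ways, first echoing the
// query unencoded as the post describes, then with HTML entity encoding
// of the characters that matter in an HTML text or attribute context.
// The page layout and the escapeHtml helper are assumptions made for
// this illustration, not anything taken from the real site.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

// Entity-encode everything that can terminate a text node, an attribute
// value or a tag. Encoding instead of deleting keeps the user's query
// readable on the page while making it inert as markup. This is correct
// for HTML text and quoted-attribute contexts only; a value placed inside
// a <script> block or a URL needs that context's own encoder instead.
function escapeHtml(s) {
  return String(s).replace(/[&<>"'\/]/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable rendering: the query is concatenated straight into the page,
// once inside the search box's value attribute and once as a heading.
function vulnerableSearchPage(query) {
  return [
    '<form action="/search">',
    '  <input type="text" name="q" value="' + query + '">',
    '</form>',
    '<h2>Results for: ' + query + '</h2>',
  ].join('\n');
}

// Hardened rendering: identical template, every reflection encoded.
function safeSearchPage(query) {
  const q = escapeHtml(query);
  return [
    '<form action="/search">',
    '  <input type="text" name="q" value="' + q + '">',
    '</form>',
    '<h2>Results for: ' + q + '</h2>',
  ].join('\n');
}

// Crude check used below: does the rendered page contain a raw <script>
// tag, or a quote followed by an event-handler attribute (an attribute
// break-out)? Enough to show the difference between the two renderings;
// a real test would parse the HTML rather than pattern-match it.
function hasLiveMarkup(html) {
  return /<script\b/i.test(html) || /" on\w+=/i.test(html);
}

// Constructed payloads: the one from the post (text-node context) and an
// attribute-context variant that needs no angle brackets at all, which is
// why a filter that only strips < and > would still miss it.
const TEXT_PAYLOAD = "<script>alert('XSS')</script>";
const ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="';

// Summary of both renderings against both payloads, for a quick run.
function demo() {
  return {
    vulnerableText: hasLiveMarkup(vulnerableSearchPage(TEXT_PAYLOAD)),
    vulnerableAttr: hasLiveMarkup(vulnerableSearchPage(ATTR_PAYLOAD)),
    safeText: hasLiveMarkup(safeSearchPage(TEXT_PAYLOAD)),
    safeAttr: hasLiveMarkup(safeSearchPage(ATTR_PAYLOAD)),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(vulnerableSearchPage(TEXT_PAYLOAD));
  console.log(safeSearchPage(TEXT_PAYLOAD));
  console.log(demo());
}
```

Run it with node to see the two renderings side by side; the vulnerable page carries a live script tag and a live onfocus handler, the hardened page carries neither. Note that the encoder is tied to the context: it protects HTML text and double-quoted attribute values, which is what this template uses, and nothing else.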
Re: XSS at www.ubbi.com.br
Posted by: SystemOfAHack
Date: January 27, 2007 04:59PM

Nice find and all :p, it's just that this probably belongs in the "So it begins" thread http://sla.ckers.org/forum/read.php?3,44; there are a good few posted there.
