XSS through javascript injection in Speed-Bit Search Engine

XSS through javascript injection in Speed-Bit Search Engine

November 20, 2011

There is a XSS through JavaScript Injection vulnerability in the Home page of Speed Bit Search Engine.

http://search.speedbit.com/

In Media:
The Hackers News:
http://www.thehackernews.com/2011/11/cross-site-scripting-vulnerability-in.html
Softpedia News:
http://news.softpedia.com/news/Indian-Hacker-Finds-Vulnerability-in-Speed-Bit-Search-Engine-233645.shtml

Technical Description of this Issue:
The XXS filter is filtering normal html /script /iframe tags but XXS can be achieved by injecting JavaScript event "onmouseover()".

Proof of concept:
To exploit this vulnerabilty follwthis steps:

1) Visit this URL

http://search.speedbit.com/?aff=grbr" onmousemove="alert(document.cookie)

2) Bring mouse cursor over the hyperlink shown in the attached POC! and you should see a POP up box showing the browser cookies.

The search engine might not be as popular as Google, but a large number of users could be affected if a black hat would profit from the flaw.

Comments

Tanika Co ValdaOctober 21, 2019 at 3:17 PM
Great Article
Cyber Security Projects for CSE Students

JavaScript Training in Chennai

Project Centers in Chennai

JavaScript Training in Chennai

ReplyDelete
Replies
AnonymousMarch 31, 2022 at 8:03 AM
No Deposit Bonus Code at Grades Casino
The online ventureberg.com/ casino offers casino-roll.com 100 free spins without deposit for no wagering requirements. https://octcasino.com/ This bonus is one herzamanindir.com/ of the most popular หารายได้เสริม and most well-known
ReplyDelete
Replies

Post a Comment