[Full-disclosure] Baidu XSS Zero Day
Beatyou Man
beatyouman at ymail.com
Tue Feb 9 09:54:47 GMT 2010
Baidu.com is the biggest search engine provider in China. After
Baidu was hacked by Iran Cyberarmy, another vulnerability has been found on index.baidu.com.
Description of Vulnerability:
-----------------------------
An XSS vulnerability exists on baidu.com; it was found by an Internet user.
Impact:
-------
The impact of this type of vulnerability does not need repeating.
Mitigating factors:
-------------------
Proof of concept:
-----------------
Take a look at the attached file.
Timeline:
---------
2010-02-08 - Baidu notified
-------------- next part --------------
A non-text attachment was scrubbed...
Name: baidu-xss.JPG
Type: image/jpeg
Size: 81039 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100209/0c59c33b/attachment-0001.jpe