XSS vulnerability on Babylon search engine. According to the hacker Babylon search engine is vulnerable to a particular type of XSS attack. It can be XSSed by first adding a normal string at the beginning and then pushing the script. Since the search engine has implemented XSS filtering so it can be bypassed by crafting a different vector like the one shown in the screenshot
LINK:
http://search.babylon.com/?q=helloworld%3Cscript%3Ealert%28%27hacked+alert+by+Rwandan+Hackers%27%29%3B%3C%2Fscript%3Ehelloworld&s=web&as=0&babsrc=home
No comments:
Post a Comment