The Hacker News Logo
Subscribe to Newsletter

Cross Site Scripting Vulnerability in Speed Bit Search Engine

Cross Site Scripting Vulnerability in Speed Bit Search Engine


Debasish Mandal, A hacker from India , Found that there is a XSS through JavaScript Injection vulnerability in the Home page of Speed Bit Search Engine.The XSS filter is filtering normal html /script /iframe tags but XSS can be achieved by injecting JavaScript event "onmouseover()".Technical Description is below. Debasish have reported the vulnerability to the Speed Bit Team but haven't yet got any response from their side.

Proof Of Concept:
1) Visit this URL http://search.speedbit.com/?aff=grbr" onmousemove="alert(document.cookie)
2) Bring mouse cursor over the hyperlink shown in the image and you should see a POP up box showing the browser cookies.


Submitted By : Debasish Mandal, India.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.