ZMSE v2.0 (ZaLab Meta Search Engine) XSS vulnerability ~ Random stuff by yappare

Friday, November 19, 2010

ZMSE v2.0 (ZaLab Meta Search Engine) XSS vulnerability

on November 19, 2010 No comments

# Exploit Title: ZMSE v2.0 (ZaLab Meta Search Engine) XSS vulnerability
# http://lab.zagia.com/
# Date: 20/11/2010
# Author: p0pc0rn
# Risk level: Medium
# Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.

XSS
===
http://site.com/[search]/?where=[]&query=[xss]

Screenshot
==========

http://img251.imageshack.us/img251/6649/74928518.png

p0pc0rn

Random stuff by yappare

Friday, November 19, 2010

ZMSE v2.0 (ZaLab Meta Search Engine) XSS vulnerability

0 comments:

Text Widget

Popular Posts

Pages

Blog Archive

Recent Posts

Unordered List

Categories