Cross-Site Scripting Vulnerability in Alexa Toolbar Search



A hacker known as kuksool, from the hacker group "n0careteam", has discovered a cross-site scripting (XSS) vulnerability in the website of Alexa, a California-based subsidiary of Amazon.com that provides information about websites, including Internet traffic stats and rank.

The vulnerability exists in the Alexa Toolbar search page (search.toolbars.alexa.com), a custom search provided by Google.

If you have installed the toolbar in your browser and enter this script in the search box, the page executes it:

"><script>alert(" E Hacking News")</script>



POC:
http://search.toolbars.alexa.com/?q="><script>alert("+E+Hacking+News")</script>
Recently, the same hacker group discovered XSS vulnerabilities in high-profile websites, including Russian and Malaysian government sites, Music.com, and New York Magazine.
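
The attribute breakout in the proof of concept above, next to the output encoding that neutralizes it, as an added example (not Alexa's code or the discoverer's). It assumes the q parameter is echoed into a double-quoted attribute of the search box, which the article does not state; the template and all function names are hypothetical.

```javascript
// Added example: constructed template, not the real search page source.
// The URL is the proof of concept quoted in the article.
const POC_URL =
  'http://search.toolbars.alexa.com/?q="><script>alert("+E+Hacking+News")</script>';

// Decode a query parameter the way a server-side framework would
// ("+" becomes a space, percent-escapes are decoded).
function queryParam(url, name) {
  return new URL(url).searchParams.get(name);
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable (assumed) pattern: the raw value is concatenated into a
// double-quoted attribute, so a leading "> closes the attribute and the tag.
function renderSearchBoxUnsafe(q) {
  return `<input type="text" name="q" value="${q}">`;
}

// Hardened form: the value is HTML-encoded for the attribute context.
function renderSearchBoxSafe(q) {
  return `<input type="text" name="q" value="${escapeHtml(q)}">`;
}

// Regression check for a test suite: true when a value containing
// markup-significant characters comes back byte-for-byte in the response.
function reflectsRawMarkup(html, q) {
  return /[<>"']/.test(q) && html.includes(q);
}

const q = queryParam(POC_URL, 'q');
console.log('unsafe reflects raw input:', reflectsRawMarkup(renderSearchBoxUnsafe(q), q));
console.log('safe reflects raw input:  ', reflectsRawMarkup(renderSearchBoxSafe(q), q));
console.log(renderSearchBoxSafe(q));
```

The same check can run against any template that echoes the search term, since encoding has to match each output context (attribute, element body, script block).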