XSS vulnerability found by Darklord on the Babylon search engine. According to the hacker, the Babylon search engine is vulnerable to a particular type of XSS attack: it can be XSSed by first adding a normal string at the beginning of the query and then pushing the script. The search engine has implemented XSS filtering, but the filter can be bypassed by crafting a different vector, like the one shown in the screenshot:
http://search.babylon.com/?q=helloworld%3Cscript%3Ealert%28%27hackingalert%27%29%3B%3C%2Fscript%3Ehelloworld&babsrc=home&s=web&as=0&t=0
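For defenders, the report shows why a filter that depends on where markup sits in the input is unreliable, while encoding the value at output does not depend on position. The code below is an added example, not code from the original post or from Babylon; the weak filter is an assumed model (the page does not describe the real one), and `weakFilterAccepts`, `renderHeader` and `reflectsMarkup` are hypothetical names.

```javascript
// Added example. The URL is the one quoted in the post; everything else is hypothetical.
const reported = "http://search.babylon.com/?q=helloworld%3Cscript%3Ealert%28%27hackingalert%27%29%3B%3C%2Fscript%3Ehelloworld&babsrc=home&s=web&as=0&t=0";

// Decode the q parameter the way a server-side framework would.
function queryFrom(url) {
  return new URL(url).searchParams.get("q") ?? "";
}

// ASSUMED model of a weak filter: it only inspects the start of the input.
// Babylon's real filter is not described on the page.
function weakFilterAccepts(q) {
  return !/^\s*</.test(q);
}

// Encode the characters that are significant in HTML text and quoted attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical results-page fragment: the query is reflected in element text
// and in an attribute value, encoded in both places.
function renderHeader(q) {
  const safe = escapeHtml(q);
  return `<h1>Results for ${safe}</h1><input name="q" value="${safe}">`;
}

// Regression check: does the reflected output contain a script element?
function reflectsMarkup(html) {
  return /<\s*script\b/i.test(html);
}

const q = queryFrom(reported);
console.log("weak filter accepts query:", weakFilterAccepts(q));
console.log("raw reflection contains script tag:", reflectsMarkup(`<h1>Results for ${q}</h1>`));
console.log("encoded reflection contains script tag:", reflectsMarkup(renderHeader(q)));
```

A check like `reflectsMarkup` can run in a regression test against every page that reflects the `q` parameter.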
Categories: indian, security-news, vulnerability