XSS vulnerability found by Darklord on Babylon search engine. According to the hacker Babylon search engine is vulnerable to a particular type of XSS attack. It can be XSSed by first adding a normal string at the beginning and then pushing the script. Since the search engine has implemented XSS filtering so it can be bypassed by crafting a different vector like the one shown in the screenshot
http://search.babylon.com/?q=helloworld%3Cscript%3Ealert%28%27hackingalert%27%29%3B%3C%2Fscript%3Ehelloworld&babsrc=home&s=web&as=0&t=0
LINK TO OUR HOME PAGE :


Categories:
indian
,
security-news
,
vulnerablity