|=================================================================================================|

  Vulnerability............Reflected XSS
  Software.................Stumbleupon.com
  Date.....................4/26/10
  Site.....................http://cross-site-scripting.blogspot.com/

|=================================================================================================|

  ##Description##

  The code that displays spelling corrections does not encode user-submitted data.


  ##Exploit##

  teh


  ##Proof of Concept##

  http://www.stumbleupon.com/search?q=teh

|=================================================================================================|
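The weakness described above is a spelling-correction ("Did you mean ...") message that echoes the search term back into the page without output encoding. The following is an added example, not Stumbleupon's code and not part of the advisory: a hypothetical server-side template for that message, shown first in the vulnerable concatenation form and then with context-aware encoding (HTML escaping for text and attribute values, URL encoding for the `q=` query-string component). The function names, the message wording and the sample query containing a harmless `<b>` tag are all constructed for this demonstration.

```python
"""Added example: rendering a 'Did you mean' spelling suggestion with and
without output encoding. Not Stumbleupon's code; names are hypothetical."""
import html
from urllib.parse import quote_plus


def render_suggestion_unsafe(query: str, correction: str) -> str:
    """Vulnerable pattern: user-controlled strings are pasted straight into HTML.

    Anything the user typed in the search box (query) and anything derived
    from it (correction) lands in the response byte-for-byte, so markup in
    the query is interpreted by the browser instead of being shown as text.
    """
    return (
        f"<p>No results for {query}. Did you mean "
        f'<a href="/search?q={correction}">{correction}</a>?</p>'
    )


def render_suggestion_safe(query: str, correction: str) -> str:
    """Hardened pattern: encode each value for the context it is inserted into.

    - html.escape(..., quote=True) for text nodes and double-quoted attributes
      (turns < > & " ' into entities so they cannot close or open markup)
    - quote_plus(...) for the value of a query-string parameter inside href
      (percent-encodes characters that would alter the URL or the attribute)
    """
    safe_query = html.escape(query, quote=True)
    safe_correction_text = html.escape(correction, quote=True)
    safe_correction_url = quote_plus(correction)
    return (
        f"<p>No results for {safe_query}. Did you mean "
        f'<a href="/search?q={safe_correction_url}">{safe_correction_text}</a>?</p>'
    )


def reflects_raw_markup(rendered: str, submitted: str) -> bool:
    """Defender-side check: does the rendered page still contain the submitted
    string verbatim when that string includes markup characters?

    A true result is the signature of the bug in the advisory: the value was
    reflected without encoding. Useful as a unit test on any template that
    echoes request parameters.
    """
    has_markup = any(ch in submitted for ch in "<>\"'&")
    return has_markup and submitted in rendered


def demo() -> dict:
    """Run both renderers on a constructed query containing a harmless tag."""
    # Constructed sample input: the misspelling from the advisory plus a
    # benign <b> element, enough to show whether markup survives unencoded.
    query = "teh<b>x</b>"
    correction = "the"
    unsafe = render_suggestion_unsafe(query, correction)
    safe = render_suggestion_safe(query, correction)
    return {
        "unsafe_reflects": reflects_raw_markup(unsafe, query),  # True
        "safe_reflects": reflects_raw_markup(safe, query),      # False
        "safe_html": safe,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `reflects_raw_markup` check is the kind of assertion worth adding to a template's test suite: feed every echoed parameter a value with `<`, `>`, `"` and `&` in it and fail the test if that value appears unchanged in the output. Note that the correction is encoded twice on purpose, once as URL data inside `href` and once as HTML text inside the link, because the two contexts have different metacharacters.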