TMR XSS + HTML Injection

+-------------------------------------------+ Title : TMR XSS + HTML Injection Target site : http://timra.se/ Vuln Type : Hyper Text Markup Language Injection Author : Avatar Fearless Info (i) ~~~~~~ Header's : HTTP/1.1 200 OK => Cache-Control => private Content-Type => text/html; charset=utf-8 Expires => Thu, 11 Oct 2012 16:15:34 GMT Server => Microsoft-IIS/7.5 Set-Cookie => ASP.NET_SessionId=aulv0q5u52murewpydzjbjc2; path=/; HttpOnly X-AspNet-Version => 4.0.30319 X-Powered-By => ASP.NET Date => Fri, 12 Oct 2012 16:15:34 GMT Connection => close Content-Length => 19669 Tested on : WIndows 7 Professional x86 Analytics : Google Analytics [# Website Pageviews 1 www.google.com 32,074 2 stackoverflow.com 25,706 3 www.reddit.com 22,825] System : ~jQuery(Javascript Framework) ~IIS (Web Server) ~Microsoft ASP.NET(Web Framework) ~Windows Server(Operating System) +-------------------------------------------+ Vulnerability on : Search System(Search Plugin/widget) +------------------!Using HTML injection!------------------+ Taget : www.timra.se Searching something easy(ex: asd) : http://timra.se/sok/?query=asd Using

HTML tag`s : http://timra.se/sok/ It parse in URL & take in input. But it not parse in search textbox & it take in input. http://imageshack.us/scaled/landing/28/tmrw.png +------------------!Using Cross Site Scripting{XSS}!------------------+ Target : www.timra.se Searching Something easy[again ;P](ex: asd) : http://timra.se/sok/?query=asd Using most usually JS(Javascript) tag : http://timra.se/sok/ It parse in URL & take in input. But it not parse in search textbox & it take in input. http://imageshack.us/scaled/landing/21/tmr2.png Bonus Proof : http://youtu.be/qJo-daSAXnY SHOUT`ZZZ & RESPECT TO : Anti-armenia.ORG (AA - Anti-armenia Team) All My Bro'S & ESPECIALLY : AkaStep , MetaizM , Ferid23 , BOT_25 , Leroy , AzSecurity All Anti-armenia Team member's!!! +-------------------------------------------+