SHARE

A Cross Site Scripting Vulnerability has been found in Alexa.com we all know about Alexa and if any body don’t know so can read below, so come to the point Alexa which provides Website Ranking all over the World ,the vulnerability exists in  Alexa Toolbar search page-(search.toolbars.alexa.com) Which is a custom search provided by Google.

Hacker Named Kuksool from the Hacker Group “n0careteam” has done this Job. 

Who is Alexa?

Alexa Internet, Inc. is a California-based subsidiary company of Amazon.com. Once it is installed, the Alexa toolbar collects data on browsing behavior and transmits it to the website, where it is stored and analyzed, forming the basis for the company’s web traffic reporting. As of 2013, Alexa provides traffic data, global rankings and other information on 30 million websites, and claims that 6 million people visit its website monthly

If you have installed the alexa toolbar on your browser so you can do the Practical Right Now, just inject the given Script in the Search box and see what happens:

SCRIPT- “>

Click to Enlarge

Alexa Description from Wikipedia

NO COMMENTS

LEAVE A REPLY

This site uses Akismet to reduce spam. Learn how your comment data is processed.