A Cross Site Scripting Vulnerability has been found in Alexa.com we all know about Alexa and if any body don’t know so can read below, so come to the point Alexa which provides Website Ranking all over the World ,the vulnerability exists in Alexa Toolbar search page-(search.toolbars.alexa.com) Which is a custom search provided by Google.
Hacker Named Kuksool from the Hacker Group “n0careteam” has done this Job.
Who is Alexa?
Alexa Internet, Inc. is a California-based subsidiary company of Amazon.com. Once it is installed, the Alexa toolbar collects data on browsing behavior and transmits it to the website, where it is stored and analyzed, forming the basis for the company’s web traffic reporting. As of 2013, Alexa provides traffic data, global rankings and other information on 30 million websites, and claims that 6 million people visit its website monthly
If you have installed the alexa toolbar on your browser so you can do the Practical Right Now, just inject the given Script in the Search box and see what happens:
SCRIPT- “>
Click to Enlarge |
Alexa Description from Wikipedia