Cybercriminals might profit from the cross-site scripting vulnerability

Nov 10, 2011 11:14 GMT

An Indian hacker called Debasish Mandal revealed that an XSS vulnerability exposes the Speed Bit search engine to a potential JavaScript injection.

The Hacker News reports that, to prove his findings, Debasish injected an onmouseover JavaScript event into the website, and as it turns out, it really works.

When the mouse cursor is brought over the language hyperlink, a pop-up window appears revealing the browser cookies.
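How an injection of this kind typically arises in a quoted HTML attribute, and how output encoding prevents it, shown as an added example that is not from the original article or from Speed Bit's code. The `q` parameter, the `/search` path, the link markup and all function names are assumptions made for illustration.

```javascript
// Constructed illustration: the "q" value, the /search path and the markup
// are assumptions for this example, not Speed Bit's actual code.

// Vulnerable pattern: user input concatenated into a quoted attribute unescaped.
function renderLanguageLinkUnsafe(query) {
  return '<a href="/search?lang=en&q=' + query + '">English</a>';
}

// HTML-escape a value for use inside a quoted attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Hardened: percent-encode for the URL, then HTML-escape for the attribute.
function renderLanguageLinkSafe(query) {
  const url = '/search?lang=en&q=' + encodeURIComponent(query);
  return '<a href="' + escapeAttr(url) + '">English</a>';
}

// Regression-test helper: list the attribute names on the opening <a> tag.
function attributeNames(html) {
  const tag = html.slice(0, html.indexOf('>'));
  const names = [];
  const re = /\s([a-zA-Z-]+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the rendered link carries any on* event-handler attribute.
function hasEventHandler(html) {
  return attributeNames(html).some((n) => n.startsWith('on'));
}

// Constructed input of the kind the article describes: it closes the href
// attribute and adds a mouse-over handler.
const sample = 'cats" onmouseover="alert(document.cookie)';
console.log('unsafe render has handler:', hasEventHandler(renderLanguageLinkUnsafe(sample)));
console.log('safe render has handler:', hasEventHandler(renderLanguageLinkSafe(sample)));
```

The `hasEventHandler` check is meant for regression tests on rendered templates; it is not a substitute for context-aware encoding at output time.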

This simple effect can be easily replaced by a cybercriminal with something more malevolent that could affect a lot of internet users.

The weakness has been reported, but Speed Bit hasn't yet replied on the matter.

The search engine might not be as popular as Google, but a large number of users could be affected if a black hat were to profit from the flaw.