A hacker named as kuksool from the hacker group "n0careteam" has discovered a Cross Site scripting vulnerability in the Alexa website -A California-based subsidiary company of Amazon.com that provides infromation about websites including Internet traffic stats, rank.
The vulnerability exists in the Alexa Toolbar search page(search.toolbars.alexa.com) - A custom search provided by Google.
If you have installed the toolbar in your browser & inject this script in the search box, it successfully executes the given script:
"><script>alert(" E Hacking News")</script>
 |
| Xss in Alexa Toolbar Search |
POC:
http://search.toolbars.alexa.com/?q="><script>alert("+E+Hacking+News")</script>Recently the same hacker group discovered XSS vulnerability in high profile websites including Russian and Malaysia Government sites, Music.com, New York Magazine.
