Oscobo - Private Search Engine / Reflected XSS
#1
Oscobo is a new "private" search engine. They say they will never sell users' info.

I have found multiple instances of reflected XSS vulnerabilities on their site; they are all listed below.

XSS
https://oscobo.co.uk/mobile/image.php?q=...Fscript%3E
https://oscobo.co.uk/mobile/news.php?q=%...Fscript%3E
https://oscobo.co.uk/mobile/search.php?q...Fscript%3E
https://oscobo.co.uk/mobile/twitter.php?...Fscript%3E
https://oscobo.co.uk/mobile/video.php?q=...Fscript%3E
#2
That's pretty bad from them, haha. Nice find!
#3
(01-09-2016, 02:23 AM)zeroday Wrote: That's pretty bad from them, haha. Nice find!

I find it funny when websites based on privacy like this have vulnerabilities like this.