Glype XSS - Non Persistent

22/06/2011 15:41

So some days ago I was trying XSS on some website and I came across an XSS in one of the most used proxy systems, Glype V1.1. That version is old and I doubt any change will be made, so I might as well share, just because.


Released: January 30, 2009 <---- Very OLD, still the current >.<

Example, go to:

Code:
http://www.hidemyass.com/
Use the proxy to go to:
Code:
http://www.nsa.gov
Then in the search type, for instance:
Code:
<script>alert("lol")</script><script>alert("lol")</script>
Of course NSA is secure; the problem is that NSA returns the query in the URL, and that's where the proxy system fails: when it tries to display it, it ends up executing code.
It isn't a big deal, just thought you might want to know, maybe lure someone to your own websites and execute code xD
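
The reflection described in the post, shown as an added example that is not part of the original post and is not Glype's code: a proxy page echoing the requested URL into its own HTML, first unencoded and then encoded for the HTML context. The function names, the `u` field name and the `example.test` URL are assumptions made for illustration.

```php
<?php
// Added illustration, not Glype source code. All names are hypothetical.

// Constructed sample: a target URL whose query string carries markup, as
// happens when the proxied site puts the search term into its URL.
$target = 'http://example.test/search?q=<script>alert("lol")</script>';

// Vulnerable pattern: the URL is concatenated into the proxy's page as-is,
// so the browser parses the query string as markup in the proxy's origin.
function url_bar_unsafe(string $url): string
{
    return '<input type="text" name="u" value="' . $url . '">';
}

// Hardened pattern: encode at the point of output for the HTML context.
// ENT_QUOTES encodes both quote styles so the value cannot close the
// attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of
// making htmlspecialchars() return an empty string.
function url_bar_safe(string $url): string
{
    $encoded = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="u" value="' . $encoded . '">';
}

// True when the rendered HTML still contains a raw tag opener or a raw
// double quote taken from the untrusted value.
function has_raw_markup(string $html, string $untrusted): bool
{
    // Strip the fixed template parts, leaving only what came from the value.
    $value = str_replace(['<input type="text" name="u" value="', '">'], '', $html);
    return $untrusted !== ''
        && (strpos($value, '<') !== false || strpos($value, '"') !== false);
}

$unsafe = url_bar_unsafe($target);
$safe   = url_bar_safe($target);

echo "unsafe: ", $unsafe, "\n";
echo "safe:   ", $safe, "\n";

// Compare the two renderings of the same constructed input.
var_dump(has_raw_markup($unsafe, $target));
var_dump(has_raw_markup($safe, $target));
```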