Recently I installed some software which changed my default search in Firefox to Babylon search. It is a popular search engine and ranks high on Alexa. The search engine can be reached at http://search.babylon.com/home
The search engine is vulnerable to a particular type of XSS attack. Since no one has ever reported a vulnerability in this search engine, I can take the credit (cool man!).
The search engine can be XSSed by first adding a normal string at the beginning and then adding the script. The search engine has implemented XSS filtering, but it can be bypassed by crafting a different vector.
Notice the search term that I have used here. When the script executes, an alert box is displayed, confirming that the script ran successfully.
Here is the complete vulnerable URL:
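
On the defensive side, as an added example that is not part of the original post and not Babylon's code: the sketch below contrasts an input filter that a leading normal string gets past with output encoding applied wherever the query is reflected. The filter's start-anchored behaviour, the page markup and all function names are assumptions made for illustration; the real filter's logic is not known from this post.

```javascript
// Added example: hypothetical filter and renderer, not Babylon's code.

// ASSUMPTION: the filter only inspects the start of the query, which is one
// way a leading "normal string" could carry markup past it.
function naiveFilter(q) {
  return /^\s*<\s*script/i.test(q) ? "" : q;
}

// Weak: trusts the filter and concatenates the query straight into HTML.
function renderWeak(q) {
  return "<h1>Results for " + naiveFilter(q) + "</h1>";
}

// Encode the characters that are significant in HTML text and in quoted
// attribute values.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Hardened: no pattern matching on input; every reflection of the query is
// encoded for the HTML context it lands in (heading text and input value).
function renderSafe(q) {
  const e = escapeHtml(q);
  return "<h1>Results for " + e + '</h1><input name="q" value="' + e + '">';
}

// Regression check: did a script tag from the query survive into the page?
function reflectsMarkup(html) {
  return /<script/i.test(html);
}

// Constructed sample queries: benign, script first, script after plain text.
const samples = [
  "babylon translator",
  "<script>alert(1)</script>",
  "hello <script>alert(1)</script>",
];
for (const q of samples) {
  console.log(JSON.stringify(q),
    "| weak page carries markup:", reflectsMarkup(renderWeak(q)),
    "| encoded page carries markup:", reflectsMarkup(renderSafe(q)));
}
```

The encoded renderer needs no knowledge of which vectors exist, which is why it holds where pattern-based input filtering does not.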