Im Quellcode ist folgendes zu beachten:
... Find the SEO content of this site's homepage via [url="http://www.itsec.cl/?_escaped_fragment_="]http://www.itsec.cl/...aped_fragment_=[/url] (That is where search engines like Google go to read your homepage's content.) ... tried to access an existing section and added a third invalid parameter, after that launched the attack code: Valid URL: [url="http://www.itsec.cl/?_escaped_fragment_=partners/c1ryi/"]http://www.itsec.cl/...partners/c1ryi/[/url] XSS URL: [url="http://www.itsec.cl/?_escaped_fragment_=partners/c1ryi/x%22"]http://www.itsec.cl/...rtners/c1ryi/x"[/url];><script>alert('xss')</script>