MOSEB-03 Bonus: Persistent XSS at

21:50 03.06.2007

New bonus vulnerabilities at These Cross-Site Scripting holes I found yesterday, 02.06.2007 (when I decided to make a bonus bug for you for the 3rd day of the project), and these are persistent XSS.

The holes are at the main domain of the search engine, like MOSEB-03: Vulnerability at, but these vulnerabilities (two holes) are much more interesting. This is a complex CSRF + XSS attack, which is what makes these persistent XSS work.


The vulnerability is in the prefs_filters.php script (in the dfi and dfe parameters), which is designed to save filters. This function can be used to attack the engine's visitors:

First you use CSRF (for example via a frame or iframe tag) to save the XSS code (into the user's cookie). Then the user must go to (you may trick him into visiting the site) for the XSS hole to execute.
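An added example, not from the original post and not HotBot's code: a minimal Python model of the two defenses that break the chain described above, a session-bound CSRF token on the save request and HTML-encoding of the stored value when it is rendered. The handler and render functions, the `csrf` parameter name and the marker value are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import secrets

SECRET = secrets.token_bytes(32)  # assumption: per-deployment signing key


def csrf_token(session_id: str) -> str:
    """Token bound to the visitor's session; a cross-site frame cannot read it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def save_filters(session_id: str, params: dict, cookies: dict) -> bool:
    """Model of a 'save filters' request that stores dfi/dfe in the cookie.

    Returns True only when the request carries the session's CSRF token.
    """
    supplied = params.get("csrf", "")  # hypothetical parameter name
    if not hmac.compare_digest(supplied, csrf_token(session_id)):
        return False  # forged cross-site request: nothing is stored
    for name in ("dfi", "dfe"):
        if name in params:
            cookies[name] = params[name]
    return True


def render_unsafe(cookies: dict) -> str:
    """The flaw as described: the stored cookie value is written out verbatim."""
    return '<input name="dfi" value="%s">' % cookies.get("dfi", "")


def render_safe(cookies: dict) -> str:
    """Output-side fix: encode the stored value for an HTML attribute context."""
    value = html.escape(cookies.get("dfi", ""), quote=True)
    return '<input name="dfi" value="%s">' % value


if __name__ == "__main__":
    marker = '"><b>MARK</b>'  # constructed, harmless markup used as a probe
    jar = {}
    # A framed request from another site has no valid token and is rejected.
    print(save_filters("sess-1", {"dfi": marker}, jar), jar)
    # Even if a value does get stored, encoding keeps it inert on render.
    jar["dfi"] = marker
    print(render_unsafe(jar))
    print(render_safe(jar))
```

Either control alone stops this chain, but both are needed in practice: the token protects every state-changing request, and the encoding protects against values that reach the cookie by any other route.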

Moral: even visiting the main page of a search engine can be dangerous.

Note that HotBot belongs to Lycos, so Lycos is also responsible for these vulnerabilities.
