MOSEB-04: Vulnerability at www.gigablast.com
20:44 04.06.2007Next participant of the project is Gigablast search engine. It is one of the popular search engines (as I found out in Internet).
The vulnerability is at Gigablast (www.gigablast.com) in Add a Url script. This Cross-Site Scripting hole I found 23.05.2007.
XSS:
The vulnerability is in u parameter:
http://www.gigablast.com/addurl?u=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Also page with html injection hole has PR5. So black seo guys can be happy.
Moral: adding url into search engines can be dangerous.
