MOSEB-07: Vulnerability at

18:54 07.06.2007

The next participant of the project is Yandex. It is the most popular Russian search engine.

The vulnerability is in Yandex blog search ( in the script for getting a button for your blog. I last wrote about Yandex blog search in the article New vulnerability at (the hole was in the blog ratings and was quickly fixed after I reported it). I found this Cross-Site Scripting hole on 17.03.2007, and it is a DOM Based Cross-Site Scripting (XSS in DOM).


The vulnerability is in the id parameter: '}alert(document.cookie);function a(n,h,w,type){//
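The following is an added example, not code from the original post or from Yandex: it shows the class of bug the id value above points to (a parameter pasted into a quoted JavaScript string inside a function) next to two mitigations. The signature `function a(n,h,w,type)` is taken from the quoted value; the function body, the helper names and the numeric-id rule are assumptions.

```javascript
// Added example. The script template is an ASSUMED shape, not Yandex's code.
// Constructed sample input: the `id` value quoted in the post.
const SAMPLE_ID = "'}alert(document.cookie);function a(n,h,w,type){//";

// Vulnerable pattern: the parameter is pasted into a single-quoted JS string
// inside a function body that the page then writes out and executes.
function buildButtonScriptUnsafe(id) {
  return "function a(n,h,w,type){\n  var blog='" + id + "';\n  return blog;\n}";
}

// Mitigation 1: allow-list. Assumes blog ids are purely numeric (assumption).
function isValidBlogId(id) {
  return typeof id === "string" && /^[0-9]{1,12}$/.test(id);
}

// Mitigation 2: encode for the JS-string context. JSON.stringify escapes
// quotes, backslashes and newlines; <, >, & and U+2028/2029 are escaped too
// so the literal cannot terminate a surrounding <script> element.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

function buildButtonScriptSafe(id) {
  return "function a(n,h,w,type){\n  var blog=" + jsStringLiteral(id) +
    ";\n  return blog;\n}";
}

// Test harness: runs generated source with stub `alert`/`document` objects
// and reports whether code outside a() ran and what a() returned.
function probe(src) {
  let alertCalled = false;
  let result;
  try {
    const run = new Function("alert", "document", src + "\nreturn a();");
    result = run(() => { alertCalled = true; }, { cookie: "" });
  } catch (e) {
    result = undefined; // generated script threw or failed to parse
  }
  return { alertCalled, result };
}

console.log(probe(buildButtonScriptUnsafe(SAMPLE_ID)));
console.log(probe(buildButtonScriptSafe(SAMPLE_ID)));
console.log(isValidBlogId(SAMPLE_ID), isValidBlogId("12345"));
```

With the encoded form the whole value stays inside the string literal, so `a()` returns it unchanged and nothing outside the function runs; the allow-list rejects it before any script is built.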

Moral: searching for blogs and getting buttons for blogs can be risky.


I have also prepared other interesting holes concerning Yandex. So wait for today’s bonus post ;-) .
