MOSEB-08: Vulnerability at searcheurope.com

22:32 08.06.2007

The next participant of the project is the Search Europe search engine. This is a regional engine with European-related information (it’s not big, but it is regional). I found this site when I was looking for European engines for the project, because there are too many engines from the USA in the participants’ list (and I was trying to make the project worldwide).

So here it is - one more European search engine (even if it’s located in the USA :-) , as I got to know later), in addition to the Ukrainian and Russian engines. Don’t worry guys, there will be other European engines during this month (but the larger part of all participants are USA engines).

There is a vulnerability on the main site of Search Europe (www.searcheurope.com) in the search results. I found this Cross-Site Scripting hole on 25.05.2007.

XSS:

The vulnerability is in the query parameter:
http://www.searcheurope.com/cgi-bin/links/search.cgi?query=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Moral: even simple searching can be risky.


4 responses to “MOSEB-08: Vulnerability at searcheurope.com”

  1. Trancer says:

    they fixed it.
    here’s another one:
    http://photos.searcheurope.com/searcheurope/search.php?q=%3Cscript%3Ealert(0)%3C/script%3E

  2. MustLive says:

    Trancer

    Thanks man. They quickly fixed this hole. And the owner of the engine was worried that he couldn’t fix this hole, but I have no doubt that he can, and he did.

    They already fixed your hole also, but not completely, so there is another way for XSS in that script:

    alert(document.cookie)

    Antoine (Search Europe owner)

    No need to worry about these vulnerabilities - you can fix them and you did. I had no doubt about that. And you need to fix the last hole (at photos.searcheurope.com) completely, because as I showed above there is still a hole.

  3. Trancer says:

    POST http://www.searcheurope.com/cgi-bin/links/user.cgi

    login=1&Username=”>alert(document.cookie)&Password=xxx

  4. Trancer says:

    with script tags.. damn wordpress
