MOSEB-08: Vulnerability at searcheurope.com
22:32 08.06.2007Next participant of the project is Search Europe search engine. This is regional engine and it has European releated information (it’s not big, but it is regional). I found this site when was looking for European engines for the project, because there are to many engines from USA in participants’ list (and I was trying to make the project world-wide).
So here it is - one more European search engine (even if it’s locating in USA 
, as I got to know later), in addition to Ukrainian and Russian engines. Don’t worry guys, there will be others European engines during this month (but larger part of all participants are USA engines).
There is vulnerability at main site of Search Europe (www.searcheurope.com) in search results. This Cross-Site Scripting hole I found 25.05.2007.
XSS:
The vulnerability is in query parameter:
http://www.searcheurope.com/cgi-bin/links/search.cgi?query=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Moral: even simple searching can be risky.
Субота, 04:12 09.06.2007
they fixed it.
here’s another one:
http://photos.searcheurope.com/searcheurope/search.php?q=%3Cscript%3Ealert(0)%3C/script%3E
Субота, 18:33 09.06.2007
Trancer
Thanks man. They quickly fixed this hole. And owner of engine was worry that he couldn’t fix this hole, but I have no doubt that he can, and he did.
They already fixed your hole also, but not completely, so there is another way for XSS in that script:
alert(document.cookie)
Antoine (Search Europe owner)
No need to worry about these vulnerabilties - you can fix them and you did. I had no doubt about that. And you need to fix last hole (at photos.searcheurope.com) completely, because as I show above there still is a hole.
Середа, 03:00 13.06.2007
POST http://www.searcheurope.com/cgi-bin/links/user.cgi
login=1&Username=”>alert(document.cookie)&Password=xxx
Середа, 03:01 13.06.2007
with script tags.. damn wordpress