Коментарі для запису: MOSEB-08: Vulnerability at searcheurope.com

від: Trancer

Wed, 13 Jun 2007 00:01:37 +0000

with script tags.. damn wordpress

від: Trancer

Wed, 13 Jun 2007 00:00:38 +0000

POST http://www.searcheurope.com/cgi-bin/links/user.cgi

від: MustLive

Sat, 09 Jun 2007 15:33:45 +0000

Trancer

Thanks man. They quickly fixed this hole. And owner of engine was worry that he couldn’t fix this hole, but I have no doubt that he can, and he did.

They already fixed your hole also, but not completely, so there is another way for XSS in that script:

alert(document.cookie)

Antoine (Search Europe owner)

No need to worry about these vulnerabilties - you can fix them and you did. I had no doubt about that. And you need to fix last hole (at photos.searcheurope.com) completely, because as I show above there still is a hole.

від: Trancer

Sat, 09 Jun 2007 01:12:08 +0000

they fixed it.
here’s another one:
http://photos.searcheurope.com/searcheurope/search.php?q=%3Cscript%3Ealert(0)%3C/script%3E