MOSEB-09 Bonus: Vulnerabilities at

22:57 09.06.2007

New bonus vulnerabilities at Rambler. I found these Cross-Site Scripting holes on 01.06.2007, while looking for other holes for the project after Rambler untimely fixed some that I had prepared. Rambler needs to behave properly (when participating in the project).

The holes are at Rambler-FTP, in search results and advanced settings. These are XSS vulnerabilities like those in MOSEB-09: Vulnerabilities at Rambler (12 new holes in total).

Search results (search.html).


The vulnerabilities are in the words, ftype, form, what and sort1 parameters:

Advanced settings (advanced.html).


The vulnerabilities are in the words, pflx, pfli, dflx, dfli, sl and sh parameters:

Moral: searching on FTP can be dangerous.

2 responses to “MOSEB-09 Bonus: Vulnerabilities at”

  1. Alex says:


  2. MustLive says:


    You are welcome.
