MOSEB-10: Vulnerabilities at www.ask.com
20:49 10.06.2007Next participant of the project is Ask search engine. It is one of the popular search engines.
The vulnerabilities are in Ask web search. These Cross-Site Scripting holes I found 10.05.2007.
XSS:
The vulnerabilities are in qid and jss parameters:
http://www.ask.com/web?q=test&qid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Also page with html injection hole has PR5. So black seo guys will be happy.
Moral: searching in the web can be dangerous.
P.S.
I prepared others holes at Ask.com. So wait for today’s bonus post .
Неділя, 22:52 10.06.2007
Ahh Jeeves, Jeeves, Jeeves…where did you go wrong? Good stuff mate!