« Добірка експлоітів
MOSEB-10 Bonus: Vulnerabilities at www.ask.com »

MOSEB-10: Vulnerabilities at www.ask.com

20:49 10.06.2007

Next participant of the project is Ask search engine. It is one of the popular search engines.

The vulnerabilities are in Ask web search. These Cross-Site Scripting holes I found 10.05.2007.

XSS:

The vulnerabilities are in qid and jss parameters:
http://www.ask.com/web?q=test&qid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Also page with html injection hole has PR5. So black seo guys will be happy.

Moral: searching in the web can be dangerous.

P.S.

I prepared others holes at Ask.com. So wait for today’s bonus post ;-) .


This entry was posted on 20:49 10.06.2007 and is filed under MOSEB. You can follow any responses to this entry through the RSS 2.0 feed.

Одна відповідь на “MOSEB-10: Vulnerabilities at www.ask.com”

  1. Silentz каже:
    Неділя, 22:52 10.06.2007

    Ahh Jeeves, Jeeves, Jeeves…where did you go wrong? Good stuff mate!

Leave a Reply

You must be logged in to post a comment.