MOSEB-10 Bonus: Vulnerabilities at www.ask.com
22:55 10.06.2007New bonus vulnerabilities at Ask. The Cross-Site Scripting hole sent me Silentz today (in contact script). Nice one, man. And after I checked it I found also 3 additional holes in that script and 4 holes in another script. So there are a lot of new XSS at Ask (thanks to Silentz).
The holes at Ask (www.ask.com) in contact forms Ask Customer Service and Consumer Feedback. And these are XSS vulnerabilities like in MOSEB-10: Vulnerabilities at www.ask.com (total 8 new holes).
Ask Customer Service (www.ask.com/contact).
XSS:
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- redirector
- html injection (PR5)
The vulnerabilities are in optional-name, require-email, optional-url and optional-message parameters:
http://www.ask.com/contact?optional-name=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Also page with html injection hole has PR5 and black seo guys will be happy.
Consumer Feedback (www.ask.com/contactlegal).
XSS:
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- redirector
- html injection
The vulnerabilities are also in optional-name, require-email, optional-url and optional-message parameters.
Moral: writing to search engine vendor in contact form can be risky.