MOSEB-11: Vulnerability at

21:32 11.06.2007

Next participant of the project is Ezilon search engine. Ezilon Europe it is regional web directory and search engine.

There is vulnerability at main site of Ezilon ( in search results. This Cross-Site Scripting hole I found 25.05.2007.


The vulnerability is in q parameter:

Moral: regional searching can be dangerous.

3 відповідей на “MOSEB-11: Vulnerability at”

  1. Hugh Sowden каже:

    Nice job guys!

    We have solve that vulnerability issue. Thanks for taking off your busy time to analyze our site, we appreciate it.

    This is now closed. ;)

  2. MustLive каже:

    Hugh Sowden

    You are welcome.

    Thanks for you post. I need to tell that you are first from all search engines vendors which participate in my project who thanked me (some vendors ask me about their holes, but you only one thanked me). So Ezilon is one cultured search engine. Others search engines vendors need to follow your’s example ;-) .


    You fixed this vuln, but not completely. So it still work with some filter evasion technique:

    alert(document.cookie) (IE)

    You need to fix this hole competely ;-)

  3. Trancer каже:

    Or use this:

Leave a Reply

You must be logged in to post a comment.