MOSEB-11: Vulnerability at www.ezilon.com
21:32 11.06.2007
The next participant of the project is the Ezilon search engine. Ezilon Europe is a regional web directory and search engine.
There is a vulnerability on the main site of Ezilon (www.ezilon.com) in the search results. I found this Cross-Site Scripting hole on 25.05.2007.
XSS:
The vulnerability is in the q parameter:
http://www.ezilon.com/cgi-bin/jump/jump_search.cgi?cat=1&q=--%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Moral: regional searching can be dangerous.
Tuesday, 22:47 12.06.2007
Nice job guys!
We have solved that vulnerability issue. Thanks for taking off your busy time to analyze our site, we appreciate it.
This is now closed.
Wednesday, 00:54 13.06.2007
Hugh Sowden
You are welcome.
Thanks for your post. I need to tell you that you are the first of all the search engine vendors participating in my project who thanked me (some vendors ask me about their holes, but only you thanked me). So Ezilon is one cultured search engine. Other search engine vendors need to follow your example.
P.S.
You fixed this vuln, but not completely. So it still works with a filter evasion technique:
alert(document.cookie) (IE)
You need to fix this hole completely.
Wednesday, 02:11 13.06.2007
Or use this:
http://www.ezilon.com/cgi-bin/jump/jump_search.cgi?q=m&cat=1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
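The thread above shows a fix for the q parameter that left the cat parameter exploitable. As an added example (not part of the original post or its comments, and not Ezilon's code), the Python sketch below contrasts a fix that encodes only the reported parameter with output encoding applied to every reflected value. The page templates, the function names and the assumption that category ids are numeric are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# The two URLs reported on this page (the original post and the last comment).
REPORTED_URLS = [
    "http://www.ezilon.com/cgi-bin/jump/jump_search.cgi?cat=1&q=--%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E",
    "http://www.ezilon.com/cgi-bin/jump/jump_search.cgi?q=m&cat=1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E",
]

def params(url):
    """Return the decoded (q, cat) values from a search URL."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("q", [""])[0], qs.get("cat", [""])[0]

def render_partial_fix(q, cat):
    """Hypothetical template: only the reported parameter (q) is encoded."""
    return ('<p>Results for: %s</p>\n'
            '<input type="hidden" name="cat" value="%s">'
            % (html.escape(q, quote=True), cat))  # cat is echoed raw

def render_hardened(q, cat):
    """Every reflected value is validated or encoded at output time."""
    if not re.fullmatch(r"[0-9]{1,6}", cat):  # assumption: category ids are numeric
        cat = "1"
    return ('<p>Results for: %s</p>\n'
            '<input type="hidden" name="cat" value="%s">'
            % (html.escape(q, quote=True), html.escape(cat, quote=True)))

def reflects_script_tag(page):
    """Crude check for this demo: did a raw <script> tag reach the output?"""
    return "<script" in page.lower()

if __name__ == "__main__":
    for url in REPORTED_URLS:
        q, cat = params(url)
        print("partial fix reflects script:", reflects_script_tag(render_partial_fix(q, cat)))
        print("hardened reflects script:   ", reflects_script_tag(render_hardened(q, cat)))
```

Encoding at the point of output, for every parameter the page echoes, closes both reported URLs without relying on a list of blocked strings.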