Коментарі для запису: MOSEB-11: Vulnerability at www.ezilon.com

від: Trancer

Tue, 12 Jun 2007 23:11:37 +0000

Or use this:
http://www.ezilon.com/cgi-bin/jump/jump_search.cgi?q=m&cat=1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

від: MustLive

Tue, 12 Jun 2007 21:54:30 +0000

Hugh Sowden

You are welcome.

Thanks for you post. I need to tell that you are first from all search engines vendors which participate in my project who thanked me (some vendors ask me about their holes, but you only one thanked me). So Ezilon is one cultured search engine. Others search engines vendors need to follow your’s example .

P.S.

You fixed this vuln, but not completely. So it still work with some filter evasion technique:

alert(document.cookie) (IE)

You need to fix this hole competely

від: Hugh Sowden

Tue, 12 Jun 2007 19:47:13 +0000

Nice job guys!

We have solve that vulnerability issue. Thanks for taking off your busy time to analyze our site, we appreciate it.

This is now closed.