MOSEB-12: Vulnerabilities at

19:46 12.06.2007

Next participant of the project is AltaVista search engine. It is one of the popular search engines.

The vulnerabilities are at AltaVista ( in Images, MP3/Audio, Video and News search. These Cross-Site Scripting holes I found 25.01.2007.


The vulnerabilities are in q parameter:

Moral: searching for images, audio, video and news can be dangerous.

Note, that AltaVista engine belongs to Yahoo! Inc. So Yahoo also responsible for these vulnerabilities (as for their own at MOSEB-02).


Also I prepared another hole concerned with AltaVista. So wait for today’s bonus post ;-) .

2 відповідей на “MOSEB-12: Vulnerabilities at”

  1. nikaury каже:

    5t :oops: :P :roll: :cry: :o :?

  2. MustLive каже:


    Yahoo fixed these holes already (in June).

Leave a Reply

You must be logged in to post a comment.