MOSEB-15 Bonus: Vulnerability in Google Custom Search Engine
22:57 15.06.2007
New bonus vulnerability in Google. In this case the vulnerability is not directly on Google's site, as in MOSEB-15: Vulnerabilities at images.google.com, but in its search engine called Google Custom Search Engine (also known as Google Co-op).
The hole is in Google Custom Search Engine, which can be used as a local engine for a site or as a custom engine (for special purposes). At present this engine is used by a lot of sites (and so many of them can be vulnerable).
Searching in Google (aka Google Hacking) allows you to quickly find sites which use Google Custom Search Engine and find holes in them. So every user of this engine needs to attend to security.
The vulnerability is in the q parameter (in the main script):
http://site/search.php?q=%3C%2Ftitle%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E
As examples I'll show you three sites with this custom search engine: jumpup.intuit.com (hole found 25.10.2006), ukrbs.org.ua (hole found 17.04.2007) and progler.ru (hole found 15.06.2007).
http://jumpup.intuit.com
XSS:
Also, the page with the HTML injection hole has PR4. It will be interesting for black SEO guys.
http://ukrbs.org.ua
XSS:
http://progler.ru
XSS:
The main question: is Google thinking about its users' security? Not too much. It is the same as in the case of other local engines: Yandex in MOSEB-07 Bonus and AltaVista in MOSEB-12 Bonus. Vendors have a lot of room for improvement.
Moral #1: searching in custom engines can be dangerous.
Moral #2: if you are using a local (custom) search engine on your site (even one from a famous vendor), always attend to a security audit of the site.
Moral #3: if you are a top search engine vendor, you need to attend to the security of your applications and not put the users of your services at risk.
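For the audit that Moral #2 calls for, a check along these lines tells a site owner whether their own results page echoes `q` unescaped. This is an added example, not code from the original post or from Google; it assumes, from the `</title>` prefix in the test URL above, that `q` is reflected inside the page's `<title>`, and the two render functions, the probe marker and all names are constructed stand-ins.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlencode

PROBE_ID = "probe-7f3a"                  # constructed, harmless marker
PROBE = f'</title><b id="{PROBE_ID}">'   # same </title> breakout shape, no script

def probe_query() -> str:
    """Query string to request from your own search page."""
    return urlencode({"q": PROBE})

def render_raw(q: str) -> str:
    """Constructed stand-in: results page that writes q into <title> as-is."""
    return f"<html><head><title>Search: {q}</title></head><body></body></html>"

def render_escaped(q: str) -> str:
    """Same page with q HTML-encoded on output."""
    safe = html.escape(q, quote=True)
    return f"<html><head><title>Search: {safe}</title></head><body></body></html>"

class ProbeFinder(HTMLParser):
    """Sets broke_out only when the probe is parsed as a real element."""
    def __init__(self):
        super().__init__()
        self.broke_out = False

    def handle_starttag(self, tag, attrs):
        if tag == "b" and ("id", PROBE_ID) in attrs:
            self.broke_out = True

def reflects_unescaped(page: str) -> bool:
    """True if the response body lets the probe close <title> and add markup."""
    finder = ProbeFinder()
    finder.feed(page)
    finder.close()
    return finder.broke_out

if __name__ == "__main__":
    print("GET /search.php?" + probe_query())
    for name, render in (("raw", render_raw), ("escaped", render_escaped)):
        verdict = "VULNERABLE" if reflects_unescaped(render(PROBE)) else "ok"
        print(f"{name:8} {verdict}")
```

Against a real site, feed the fetched response body to `reflects_unescaped` in place of the stand-in pages.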
Thursday, 17:44 24.01.2008
Thanks, mate. Your articles helped me to win a small discussion about local site search engines by telling about Google SE bugs.
Thursday, 20:03 24.01.2008
Dude, you are welcome
About holes in Google, in global and local search engines and in Google local engines I write regularly. After this article about the vulnerability in Google Custom Search Engine, I wrote an article about vulnerabilities in Google Search Appliance.
Friday, 12:41 25.04.2008
Wow, thanks for your post. I gotta check mine then. Thanks again, bro.
Friday, 14:35 25.04.2008
Rohmat, you are welcome.
Tuesday, 14:57 19.05.2009
Great information. Thanks for the post. That was a spectacular article, need more great work like this out there.
Tuesday, 16:25 19.05.2009
Loretta, you are welcome.
I am glad that you liked my article.