MOSEB-15 Bonus: Vulnerability in Google Custom Search Engine

22:57 15.06.2007

New bonus vulnerability in Google. In this case the vulnerability is not directly on Google’s site, as in MOSEB-15: Vulnerabilities at images.google.com, but in its search engine called Google Custom Search Engine (also known as Google Co-op).

The hole is in Google Custom Search Engine, which can be used as a local engine for a site or as a custom engine (for special purposes). At present this engine is used by a lot of sites (and so many of them can be vulnerable).

Searching in Google (aka Google Hacking) allows you to quickly find sites which are using Google Custom Search Engine and find holes in them. So every user of this engine needs to attend to security.

The vulnerability is in the q parameter (in the main script):
http://site/search.php?q=%3C%2Ftitle%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E
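A check a site owner can run against their own results page, as an added example (not code from the original post or from Google). The page template in `render_unsafe` is hypothetical and assumes q is copied into `<title>` unencoded, which is what the leading `</title>` in the URL above implies; the probe is the q value from that URL.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# The q value from the URL above, percent-decoded.
PROBE = unquote("%3C%2Ftitle%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E")


def render_unsafe(q):
    # Hypothetical vulnerable template: q is written into <title> verbatim.
    return ("<html><head><title>Search: " + q + "</title></head>"
            "<body><p>No results.</p></body></html>")


def render_escaped(q):
    # Same template with q HTML-encoded at the point of output.
    return render_unsafe(html.escape(q, quote=True))


class ScriptFinder(HTMLParser):
    """Collects the text of every <script> element the parser really sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data


def reflected_scripts(page):
    """Return script bodies found in a rendered page; a non-empty result for a
    probe query means the query became markup instead of text."""
    finder = ScriptFinder()
    finder.feed(page)
    finder.close()
    return finder.scripts


if __name__ == "__main__":
    print("unsafe :", reflected_scripts(render_unsafe(PROBE)))
    print("escaped:", reflected_scripts(render_escaped(PROBE)))
```

Parsing the response, rather than searching it for the string `<script>`, avoids a false alarm when the probe is reflected correctly encoded.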

As examples I’ll show you three sites with this custom search engine: jumpup.intuit.com (hole found 25.10.2006), ukrbs.org.ua (hole found 17.04.2007) and progler.ru (hole found 15.06.2007).

http://jumpup.intuit.com

XSS:

Also, the page with the HTML injection hole has PR4. It will be interesting for black SEO guys.

http://ukrbs.org.ua

XSS:

http://progler.ru

XSS:

The main question: is Google thinking about its users’ security? Not too much. It is the same as in the case of other local engines: Yandex in MOSEB-07 Bonus and AltaVista in MOSEB-12 Bonus. Vendors have a lot of room for improvement.

Moral #1: searching in custom engines can be dangerous.

Moral #2: if you are using a local (custom) search engine at your site (even from a famous vendor), always attend to a security audit of the site.

Moral #3: if you are a top search engine vendor, you need to attend to the security of your applications and not put the users of your services at risk.


6 responses to “MOSEB-15 Bonus: Vulnerability in Google Custom Search Engine”

  1. trovich says:

    Thanks, mate. Your articles helped me to win a small discussion about local site search engines by telling about Google SE bugs :)

  2. MustLive says:

    Dude, you are welcome ;-)

    I write regularly about holes in Google, in global and local search engines and in Google local engines. After this article about the vulnerability in Google Custom Search Engine, I wrote an article about vulnerabilities in Google Search Appliance.

  3. Rohmat says:

    Wow, thanks for your post. I gotta check mine then. Thanks again, bro.

  4. MustLive says:

    Rohmat, you are welcome.

  5. Loretta says:

    Great information. Thanks for the post. That was a spectacular article, need more great work like this out there.

  6. MustLive says:

    Loretta, you are welcome.

    I am glad that you liked my article.
