MOSEB-16: Vulnerabilities at search.myway.com

21:46 16.06.2007

The next participant of the project is the My Way search engine. It is one of the popular meta search engines (in the USA).

The vulnerabilities are at My Way (search.myway.com) in search results. I found these Cross-Site Scripting holes on 27.05.2007.

XSS:

The vulnerabilities are in searchfor, st and ptnrS parameters:
http://search.myway.com/search/AJmain.jhtml?ptnrS=mw&searchfor=%3Cscript%3Ealert(document.cookie)%3C/script%3E
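
The reflection described above, as an added example that is not part of the original post and is not My Way's code: a hypothetical results-page renderer (function names and markup are assumptions) that echoes the named parameters raw and then with HTML output encoding, checked against the query string from the URL above.

```javascript
// Added example: hypothetical results-page renderer, not My Way's code.
// Only the parameter names (searchfor, st, ptnrS) and the path come from the advisory.
const REFLECTED = ["searchfor", "st", "ptnrS"];

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Vulnerable pattern: the decoded query value is concatenated into markup as-is.
function renderUnsafe(query) {
  const p = new URLSearchParams(query);
  const term = p.get("searchfor") ?? "";
  return `<input name="searchfor" value="${term}">` +
         `<p>Results for ${term}</p>`;
}

// Hardened: every reflected parameter is encoded at the point of output.
function renderSafe(query) {
  const p = new URLSearchParams(query);
  const v = Object.fromEntries(
    REFLECTED.map((k) => [k, escapeHtml(p.get(k) ?? "")])
  );
  return `<form action="/search/AJmain.jhtml">` +
    `<input type="hidden" name="ptnrS" value="${v.ptnrS}">` +
    `<input type="hidden" name="st" value="${v.st}">` +
    `<input name="searchfor" value="${v.searchfor}">` +
    `</form><p>Results for ${v.searchfor}</p>`;
}

// Regression check: does a raw <script tag survive in the rendered output?
function reflectsMarkup(html) {
  return /<script/i.test(html);
}

// Query string taken from the advisory's URL.
const advisoryQuery =
  "ptnrS=mw&searchfor=%3Cscript%3Ealert(document.cookie)%3C/script%3E";
console.log("unsafe reflects markup:", reflectsMarkup(renderUnsafe(advisoryQuery)));
console.log("safe reflects markup:", reflectsMarkup(renderSafe(advisoryQuery)));
```

The same check can run as a regression test for each of the three parameters after a fix is deployed.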

Moral: searching in meta engines can be risky.

Note that the My Way engine belongs to IAC Search & Media. So Ask.com is also responsible for these vulnerabilities (as for their own at MOSEB-10 and MOSEB-10 Bonus).

