MOSEB-17: Vulnerability at

19:58 17.06.2007

Next participant of the project is Lycos search engine. It is one of the popular search engines.

The vulnerability is at Lycos ( in web search. This Cross-Site Scripting hole I found 09.10.2006. When I found this hole at Lycos in that October day, I first thought about making some project with vulns in search engines (which became MOSEB).


The vulnerability is in query parameter:

Also page with html injection hole has PR7. It is a sweet dream (and I made dream come true). And this is best choice for black seo guys :-) .

Moral: searching in the web can be dangerous.

Note, that Lycos engine use search engine. So also responsible for this vulnerability.


I prepared another hole at Lycos. So wait for today’s bonus post ;-) .

Leave a Reply

You must be logged in to post a comment.