MOSEB-17 Bonus: Vulnerability at

22:26 17.06.2007

New bonus vulnerability in Lycos. In this case vulnerability not at search domain, like at MOSEB-17: Vulnerability at, but at main domain of Lycos (in Retriever service).

The vulnerability is at main Lycos site ( in Lycos Retriever. This Cross-Site Scripting hole I found 10.06.2007.


The vulnerability is in query parameter:

Moral: surfing on search engines vendors’ sites can be risky.

Leave a Reply

You must be logged in to post a comment.