MOSEB-19: Persistent XSS at search.netscape.com

20:38 19.06.2007

The next participant of the project is the Netscape Search engine. It is one of the popular meta search engines (in the USA).

The vulnerability is at Netscape Search (search.netscape.com) in the search results (in Search History). I found this Cross-Site Scripting hole on 18.05.2007, and it is a persistent XSS.

As in MOSEB-03 Bonus: Persistent XSS at hotbot.com, this is also a complex CSRF + XSS attack, which is what makes this persistent XSS work.

CSRF + XSS:

The vulnerability is in the query parameter and appears in the Search History function (which remembers the user’s search queries):
http://search.netscape.com/search/search?invocationType=topsearchbox.webhome&query=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

First you use CSRF (for example via a frame or iframe tag) to save the XSS code into the user’s Search History. Then the user must go to search.netscape.com and search, or just visit the engine via a simple link (you may trick him into visiting the site), to execute the XSS hole.
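The two controls whose absence makes this chain work, shown as an added example (not code from Netscape or from the original post): context-aware encoding when stored queries are rendered, and refusing to record a query in Search History when the request arrives cross-site. The function names, `TRUSTED_HOST` and the plain header dictionary are assumptions made for illustration.

```python
import html
from urllib.parse import quote, urlsplit

# Constructed sample: the decoded value of the query parameter in the URL above.
SAMPLE_QUERY = '"><script>alert(document.cookie)</script>'

TRUSTED_HOST = "search.netscape.com"  # assumption: the site's own host


def render_history_unsafe(queries):
    """Assumed shape of the flaw: stored queries are pasted into markup as-is."""
    return "".join(f'<a href="/search?query={q}">{q}</a>\n' for q in queries)


def render_history_safe(queries):
    """Encode each stored query for the context it lands in."""
    rows = []
    for q in queries:
        # URL-encode for the query string, then HTML-encode for the attribute.
        href = html.escape("/search?query=" + quote(q, safe=""), quote=True)
        # HTML-encode for the element text.
        text = html.escape(q, quote=True)
        rows.append(f'<a href="{href}">{text}</a>\n')
    return "".join(rows)


def should_record_history(headers):
    """Decide whether a search request may be written to Search History.

    `headers` is a dict of request headers (assumed exact-case keys).
    A search framed by another site is still answered, just not remembered.
    """
    site = headers.get("Sec-Fetch-Site")
    if site is not None:
        # "none" means direct navigation (typed URL or bookmark).
        return site in ("same-origin", "none")
    # Older clients: fall back to the Referer host; a missing one is refused.
    referer = headers.get("Referer", "")
    return urlsplit(referer).hostname == TRUSTED_HOST


if __name__ == "__main__":
    print(render_history_unsafe([SAMPLE_QUERY]))
    print(render_history_safe([SAMPLE_QUERY]))
    print(should_record_history({"Sec-Fetch-Site": "cross-site"}))
```

Either control alone breaks the chain; output encoding is the one that must not be skipped, because history entries can also be stored by same-site requests.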

Moral: even simple searching in an engine can be dangerous.

Note that the Netscape engine uses the AOL search engine (which uses the Google engine). So Google is also responsible for this vulnerability.

P.S.

I have also prepared other holes at Netscape Search. So wait for today’s bonus post ;-) .

