MOSEB-19 Bonus: Vulnerabilities at search.netscape.com

22:52 19.06.2007

New bonus vulnerabilities in Netscape Search. In this case the vulnerabilities are at the same domain as in MOSEB-19: Persistent XSS at search.netscape.com.

The vulnerabilities are in Netscape Search. There are two Cross-Site Scripting holes, and these holes were found on 19.06.2007. The first one, which Yorn sent me today, is a persistent XSS vulnerability in Search History. It is the same vulnerability as the one I described in MOSEB-19, but that hole was in the search script, and this hole is in the image script.

CSRF + XSS:

The vulnerability is in the query parameter:
http://search.netscape.com/search/image?invocationType=topsearchbox.image&query=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

First, CSRF is used to save the XSS code into the user's Search History. Then the user is tricked into visiting the site via a simple link to the engine, which executes the XSS.
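The two server-side checks that break this chain, shown as an added example (not code from the original post or from Netscape): a session-bound token on the request that writes to Search History, and HTML encoding when a stored query is rendered. The function names, the secret and the assumption that the stored query lands in an input's value attribute are illustrative; the sample URL is the one given above.

```python
import hashlib
import hmac
import html
from urllib.parse import parse_qs, urlsplit

# Sample input: the image-search URL quoted in the post.
SAMPLE_URL = ("http://search.netscape.com/search/image"
              "?invocationType=topsearchbox.image"
              "&query=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E")

SECRET = b"demo-only-secret"  # assumption: a server-side key, never sent to clients


def query_from_url(url):
    """Decode the query parameter the way the search script would receive it."""
    return parse_qs(urlsplit(url).query)["query"][0]


def csrf_token(session_id):
    """Token bound to the user's session; a cross-site request cannot supply it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def save_to_history(history, session_id, query, token):
    """Write to Search History only when the request carries the session's token."""
    if not hmac.compare_digest(token or "", csrf_token(session_id)):
        return False
    history.append(query)  # stored raw; encoding belongs to the output step
    return True


def render_unsafe(history):
    """Flawed pattern: stored value pasted into the attribute unchanged."""
    return "".join(f'<input name="query" value="{q}">' for q in history)


def render_safe(history):
    """Hardened: encode <, >, & and quotes so the value cannot leave the attribute."""
    return "".join(
        f'<input name="query" value="{html.escape(q, quote=True)}">'
        for q in history
    )
```

Either check alone stops the chain described here, but both are needed in general: the token stops forged history writes, and the encoding covers values the user was tricked into submitting themselves.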

The second hole, which I found today (when I decided to make a bonus post for you), is XSS in the Recent Search function.

XSS:

The vulnerability is in the parameter a:
http://search.netscape.com/search/gib?invocationType=recentSearchMaint&a=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Moral: search history in engines can be dangerous.

Note that the Netscape engine uses the AOL search engine, which uses the Google engine. So Google is also responsible for these vulnerabilities.
