MOSEB-20: Vulnerabilities at webcrawler.com

18:36 20.06.2007

Next participant of the project is WebCrawler search engine. It is one of the popular meta search engines.

The vulnerabilities are at WebCrawler Web Search (www.webcrawler.com) in White Pages search. These Cross-Site Scripting holes I found 26.05.2007.

XSS:

The vulnerabilities are in qf and qn parameters:
http://www.webcrawler.com/info.wbcrwl/white-pages/message.htm?otmpl=/white-pages/results.htm&qf=%27%3Cscript%3Ealert(document.cookie)%3C/script%3E&searchtype=citystate

Moral: using white pages search can be dangerous.

Note, that WebCrawler engine belongs to InfoSpace, Inc. So they also responsible for these vulnerabilities.

P.S.

Also I prepared another interesting bug. So wait for today’s bonus post ;-) .


Leave a Reply

You must be logged in to post a comment.