MOSEB-21: Vulnerabilities at www.dogpile.com
17:16 23.06.2007
For the last two days my site did not work because of a hardware failure at the server: the hard drive broke. Now that the problem has been fixed (and my site has been moved to a new server), my project continues in its usual routine. Don't worry, every post for every day of MOSEB will be posted as I planned (there will be no gaps). No search engine vendor can hide from the truth.
The next participant of the project is the Dogpile search engine. It is one of the popular meta search engines.
The vulnerabilities are at Dogpile Web Search (www.dogpile.com) in the White Pages search. I found these Cross-Site Scripting holes on 27.05.2007.
XSS:
The vulnerabilities are in qf and qn parameters:
http://www.dogpile.com/info.dogpl/white-pages/message.htm?otmpl=/white-pages/results.htm&qf=%27%3Cscript%3Ealert(document.cookie)%3C/script%3E&searchtype=citystate
Moral: searching in white pages can be risky.
Note that the Dogpile engine belongs to InfoSpace, Inc., so they are also responsible for these vulnerabilities.
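How the qf value in the URL above decodes, and what output encoding at the point of reflection does to it, as an added example that is not part of the original post. The rendering templates are hypothetical: the post does not show how the site echoes qf and qn, so a single-quoted attribute is assumed here.

```javascript
// Added example. The URL is the one quoted in the post; the templates below are
// hypothetical, since the post does not show how the site renders qf and qn.
const SAMPLE_URL =
  "http://www.dogpile.com/info.dogpl/white-pages/message.htm" +
  "?otmpl=/white-pages/results.htm" +
  "&qf=%27%3Cscript%3Ealert(document.cookie)%3C/script%3E&searchtype=citystate";

const REFLECTED_PARAMS = ["qf", "qn"]; // parameters named in the post

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed vulnerable template: raw value inside a single-quoted attribute.
function renderUnsafe(params) {
  return REFLECTED_PARAMS
    .map((name) => `<input name='${name}' value='${params.get(name) ?? ""}'>`)
    .join("\n");
}

// Same template with output encoding applied where the value is reflected.
function renderSafe(params) {
  return REFLECTED_PARAMS
    .map((name) => `<input name='${name}' value='${escapeHtml(params.get(name) ?? "")}'>`)
    .join("\n");
}

// Regression check: names of parameters whose markup-bearing value
// appears verbatim (unencoded) in the rendered page.
function reflectedRaw(params, html) {
  return REFLECTED_PARAMS.filter((name) => {
    const value = params.get(name);
    return value !== null && /[<>"']/.test(value) && html.includes(value);
  });
}

const params = new URL(SAMPLE_URL).searchParams;
console.log(reflectedRaw(params, renderUnsafe(params))); // [ 'qf' ]
console.log(reflectedRaw(params, renderSafe(params)));   // []
```

The same `reflectedRaw` check can be run against a real response body in a regression test, once for each reflected parameter.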