MOSEB-22: Vulnerability at search.aol.com

20:43 23.06.2007

The next participant of the project is the AOL Search engine. It is one of the popular search engines (in the USA).

The vulnerability is in the Recent Search History of AOL Search (search.aol.com). I found this Cross-Site Scripting hole on 24.05.2007 (it is similar to the second hole in MOSEB-19 Bonus: Vulnerabilities at search.netscape.com).

XSS:

The vulnerability is in the "a" parameter:
http://search.aol.com/aol/recent?invocationType=recentSearchMaint&a=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
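The payload in this URL starts with "> and so closes a double-quoted attribute before opening a script tag. The following added example (not AOL's code and not from the original post) assumes the "a" value is echoed into a hidden input's value attribute and shows that reflection beside an output-encoded version; all function names and the markup are hypothetical.

```javascript
// Added example: hypothetical recent-search renderer, not AOL's actual code.
// Assumption: the `a` query parameter is echoed into a double-quoted
// HTML attribute, which is what the "> prefix of the payload suggests.

// Vulnerable form: the decoded parameter is concatenated into the attribute.
function renderRecentVulnerable(query) {
  const a = new URLSearchParams(query).get('a') || '';
  return '<input type="hidden" name="a" value="' + a + '">';
}

// Escape every character that can end an attribute value or start a tag.
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened form: same markup, value encoded for the attribute context.
function renderRecentHardened(query) {
  const a = new URLSearchParams(query).get('a') || '';
  return '<input type="hidden" name="a" value="' + escapeHtmlAttr(a) + '">';
}

// Crude check used only by this demo: does the markup contain a script tag?
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Query string taken from the URL on this page.
const QUERY =
  'invocationType=recentSearchMaint&a=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E';

console.log('vulnerable:', renderRecentVulnerable(QUERY));
console.log('hardened:  ', renderRecentHardened(QUERY));
console.log('script tag in vulnerable output:', hasScriptTag(renderRecentVulnerable(QUERY)));
console.log('script tag in hardened output:  ', hasScriptTag(renderRecentHardened(QUERY)));
```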

Moral: a search engine’s recent search history can be dangerous.

Note that the AOL engine uses the Google search engine, so Google is also responsible for this vulnerability.

P.S.

I have also prepared other holes at AOL Search, so wait for today’s bonus post ;-).

