MOSEB-23: Vulnerabilities at

16:23 24.06.2007

Next participant of the project is My Search engine. It is one of the popular meta search engines (in USA).

The vulnerabilities are at My Search ( in search results. These Cross-Site Scripting holes (3 XSS and 1 XSS in DOM) I found 30.05.2007. First three holes are similar to such in MOSEB-16: Vulnerabilities at (My Search is a clone of My Way and they both belong to


The vulnerabilities are in searchfor, st and ptnrS parameters:

Also page with html injection hole has PR5 and black seo guys will be happy.

The fourth one is DOM Based XSS vulnerability. And it’s nice hole.


The vulnerability is in tpr parameter:;}alert(document.cookie);function%20a(){if(a=1)a='

Moral: using meta search engines can be risky.

Note, that My Search engine belongs to IAC Search & Media. So also responsible for these vulnerabilities.


Also I prepared others holes concerned with My Search and So wait for today’s bonus post ;-) .

Leave a Reply

You must be logged in to post a comment.