MOSEB-23 Bonus: Vulnerabilities at

17:51 24.06.2007

New bonus vulnerabilities in MOSEB. Next participant of the project is My Web Search engine. It is one of the popular meta search engines (in USA). My Web Search is a clone My Search which is a clone of My Way (these three engines are clones) and they all belong to They like to make clones. It is clone wars :D .

The vulnerabilities are at My Web Search ( in search results. These Cross-Site Scripting holes (2 XSS and 1 XSS in DOM) I found 31.05.2007. This holes are similar to such in MOSEB-23: Vulnerabilities at


The vulnerabilities are in st, ptnrS and tpr parameters:

Moral #1: meta searching can be risky.

Moral #2: making clone engines is risky, because it’s harder to make three engines secure than one. So better to have one secure engine, than three (even four with unsecure.

Moral #3: using (and even visiting) clone search engines can be dangerous.

Note, that My Web Search engine belongs to IAC Search & Media. So also responsible for these vulnerabilities.

Leave a Reply

You must be logged in to post a comment.