MOSEB-25 Bonus: Vulnerability at

21:37 25.06.2007

New bonus vulnerability in DMOZ (Open Directory Project). In this case vulnerability at other domain, than in MOSEB-25: Vulnerabilities at

The vulnerability is at DMOZ ( in search results. This Cross-Site Scripting hole I found 25.05.2007.


The vulnerability is in locale parameter:

Also page with html injection hole has PR4. It will be interesting for black seo guys.

Moral: searching in catalogs can be dangerous.

Note, that DMOZ belongs to Netscape. So Netscape (and AOL) also responsible for this vulnerability.

Also note, that DMOZ search use AOL engine which use Google engine. So Google also responsible for this vulnerability.

Leave a Reply

You must be logged in to post a comment.