MOSEB-26 Bonus: Vulnerability at ypng.infospace.com

22:31 26.06.2007

New bonus vulnerability in InfoSpace. In this case vulnerability at other domain, than in MOSEB-26: Vulnerabilities at www.infospace.com.

The vulnerability is at InfoSpace (ypng.infospace.com) in Yellow Pages search. This Cross-Site Scripting hole I found 27.05.2007.

XSS:

The vulnerability is in qa parameter:
http://ypng.infospace.com/home/yellow-pages/redir.htm?fromform=near&qa=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Moral: searching in yellow pages can be dangerous.


2 відповідей на “MOSEB-26 Bonus: Vulnerability at ypng.infospace.com”

  1. Nick каже:

    Thanks mate, that’s awesome again!
    Are those the pages that will get indexed easily, or it’s everyone’s business to make sure they will?

  2. MustLive каже:

    Nick

    It’s everyone’s business to make engines’ spiders indexed these links and these pages with your backwards links. Spiders like to index everything, but you need to let them do it - you need to create opportunity for this.

    Dude, it is better to ask about this experienced black seo guys who working with such type of links.

    Spiders index such type of links and pages (differently in different engines), you need to practice in this. So you must make that these pages will get indexed (and look at results in different engines, because some are indexing such pages and some are not). I have different experience with it and I’m still researching in this area.

Leave a Reply

You must be logged in to post a comment.