MOSEB-28: Vulnerabilities in Kelkoo

20:34 28.06.2007

The next participant of the project is the Kelkoo search engine. It is one of the popular search engines for shopping (it now belongs to Yahoo and is part of Yahoo! Shopping).

The vulnerabilities are at two domains of Kelkoo (books.kelkoo.co.uk and fr.kelkoo.be), in books comparison and digital cameras comparison. I found these Cross-Site Scripting holes on 27.05.2007 (at books.kelkoo.co.uk) and 25.06.2007 (at fr.kelkoo.be), and both are DOM Based XSS (pretty ones).

XSS in DOM:

The vulnerability is in the isbn parameter:
http://books.kelkoo.co.uk/ctl/do/compare?from=shopbot&catPath=uk%2Fbooks&catId=100801&isbn=%27==%27%27){;}}alert(document.cookie);function%20a(myisbn){if(%27

There is only one catch with it (as with Microsoft at MOSEB-05 and Rambler at MOSEB-09): Kelkoo fixed this vulnerability before this official disclosure. When I checked this hole four days ago, I found that they had fixed it (it was planned for MOSEB). It was a bad move from them to fix this vuln untimely (because when you are in the project, holes need to be fixed in time). But I found another hole at Kelkoo, which I present to you. Kelkoo and Yahoo (and other vendors) need to understand that they can’t escape from me and my project :-) .

XSS in DOM:

The vulnerability is in the pids parameter:
http://fr.kelkoo.be/ctl/do/compareProducts?catId=124901&pids=%22');alert(document.cookie);//
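
An added example, not part of the original post and not Kelkoo's code: it assumes the pids value ended up inside a single-quoted JavaScript string literal in an inline script, which is what the shape of the test URL suggests, and shows that placement next to an escaped version and an allow-list check. The loadProducts function, the template and the numeric-id format are hypothetical.

```javascript
// Added example; loadProducts and the template are hypothetical, not Kelkoo's code.

// Naive template: the parameter is pasted between single quotes unchanged.
function renderNaive(pids) {
  return "<script>loadProducts('" + pids + "');</script>";
}

// Escape for a JS string literal inside <script>: everything outside a small
// allow-list becomes \uXXXX, so quotes, backslashes, newlines and "</script>"
// can end neither the string nor the script element.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9 ,._]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderEscaped(pids) {
  return "<script>loadProducts('" + jsStringEscape(pids) + "');</script>";
}

// Stricter option: reject anything that is not a comma-separated list of
// numeric ids (assumed format for pids).
function isValidPids(pids) {
  return /^\d+(,\d+)*$/.test(pids);
}

// Run the inline script body against stubs and record which functions it calls.
function callsMade(html) {
  const body = html.slice("<script>".length, -"</script>".length);
  const calls = [];
  new Function("loadProducts", "alert", "document", body)(
    (v) => calls.push(["loadProducts", v]),
    (v) => calls.push(["alert", v]),
    { cookie: "session=constructed" } // constructed stand-in for document
  );
  return calls;
}

// Decoded pids value from the URL in the post.
const PAYLOAD = "\"');alert(document.cookie);//";
console.log(callsMade(renderNaive(PAYLOAD)));   // loadProducts('"'), then alert(cookie)
console.log(callsMade(renderEscaped(PAYLOAD))); // only loadProducts(PAYLOAD)
console.log(isValidPids(PAYLOAD), isValidPids("1001,1002")); // false true
```
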

Moral: searching for shopping can be risky.

Note that the Kelkoo engine belongs to Yahoo! Inc., so Yahoo is also responsible for these vulnerabilities.

P.S.

I also prepared another hole concerning Kelkoo and Yahoo. So wait for today’s bonus post ;-) .

