A new bonus vulnerability in MOSEB. This time the vulnerability is at Yahoo! Shopping. As I wrote in MOSEB-28, Kelkoo belongs to Yahoo (and is used as a part of Yahoo! Shopping), so I decided to write about a hole at shopping.yahoo.com (which is related to the Kelkoo engine described in MOSEB-28: Vulnerabilities in Kelkoo). This is a new vulnerability in Yahoo, after MOSEB-02.
The vulnerability is at Yahoo! Shopping (shopping.yahoo.com) in the Abuse Report. I found this Cross-Site Scripting hole on 24.06.2007, and it works in Internet Explorer. It is a very cute hole: to bypass filters I used variable-width encoding with the expression technique.
The vulnerability is in review_excerpt with review_title parameters:
Moral: writing reports to search engine vendors can be dangerous.