MOSEB-28 Bonus: Vulnerability at

22:42 28.06.2007

New bonus vulnerability in MOSEB. This time vulnerability at Yahoo! Shopping. As I wrote in MOSEB-28, Kelkoo belongs to Yahoo (and used as a part of Yahoo! Shopping) so I decided to write about hole at (which is relative to Kelkoo engine that described in MOSEB-28: Vulnerabilities in Kelkoo). This is new vulnerability in Yahoo, after MOSEB-02.

The vulnerability is at Yahoo! Shopping ( in Abuse Report. This Cross-Site Scripting hole I found 24.06.2007 and it works in Internet Explorer. It is very cute hole: to bypass filters I used variable-width encoding with expression technique.


The vulnerability is in review_excerpt with review_title parameters:;_ylu=?message_id=scd-337&merchant_id=1002688&review_excerpt=style%3Dxss:expression(alert(document.cookie))%20%C0&review_title=%C0

Moral: writing reports to search engine vendors can be dangerous.

Leave a Reply

You must be logged in to post a comment.