MOSEB-29 Bonus: Vulnerabilities in Excite White Pages

22:32 29.06.2007

New bonus vulnerabilities in Excite. In this case vulnerabilities at other domain, than in MOSEB-29: Vulnerabilitiy at

The vulnerability is at Excite White Pages ( which located on server of InfoSpace (Excite’s partner). These Cross-Site Scripting holes I found 31.05.2007.


The vulnerabilities are in qn, qf and qc parameters:

Moral: seeking in white pages can be dangerous.

Note, that Excite engine belongs to IAC Search & Media. So also responsible for these vulnerabilities.

Also note, that Excite White Pages engine use InfoSpace engine. So InfoSpace also responsible for these vulnerabilities.

Leave a Reply

You must be logged in to post a comment.