MOSEB-02: Vulnerability at search.yahoo.com
18:36 02.06.2007
The next participant of the project is the Yahoo search engine. It is 2nd of the top search engines in the world.
The vulnerability is in Image Search of Yahoo! Search (http://images.search.yahoo.com). I found this Cross-Site Scripting hole on 08.04.2007.
XSS:
The vulnerability is in the rcurl parameter:
http://images.search.yahoo.com/search/images/view?rcurl=%22%20onLoad=%22javascript:alert(document.cookie)&rurl=test
Moral: searching for images can be dangerous.
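The decoded rcurl value above starts with a double quote, which ends the attribute it is reflected into, so the rest is parsed as a new onLoad attribute. The sketch below is an added example, not code from this post or from Yahoo: it assumes the value is written into a double-quoted `src` attribute of a hypothetical `<iframe>`, and the function names are made up for illustration. It shows the unencoded output next to attribute encoding plus a scheme allowlist.

```javascript
"use strict";

// Constructed input: the rcurl value from the URL above, URL-decoded.
const rcurl = decodeURIComponent(
  "%22%20onLoad=%22javascript:alert(document.cookie)");

// Vulnerable pattern (assumed): the parameter is concatenated into a
// quoted attribute without encoding, so a '"' in it closes the attribute.
function renderUnsafe(value) {
  return '<iframe src="' + value + '"></iframe>';
}

// Encode the characters that can terminate a quoted attribute value or
// start markup, as numeric character references.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g,
    (c) => "&#" + c.charCodeAt(0) + ";");
}

// Allowlist: only absolute http(s) URLs are acceptable as an image source.
function isHttpUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === "http:" || u.protocol === "https:";
  } catch (e) {
    return false; // not parseable as an absolute URL
  }
}

// Hardened form: validate the URL first, then encode for the attribute.
function renderSafe(value) {
  const target = isHttpUrl(value) ? value : "about:blank";
  return '<iframe src="' + escapeAttr(target) + '"></iframe>';
}

console.log(renderUnsafe(rcurl)); // onLoad becomes a separate attribute
console.log(renderSafe(rcurl));   // rejected, falls back to about:blank
console.log(renderSafe('http://example.com/a.jpg?x="y')); // quote encoded
```

Validation and encoding do different jobs here: the allowlist rejects values that are not image URLs at all, and the encoding keeps an accepted URL that contains a quote from leaving the attribute.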
Monday, 21:38 04.06.2007
I think this has been patched.
Monday, 23:40 04.06.2007
Yes, dasickis, it was patched already. I also rechecked this hole today and found that it has been fixed.
Well done, Yahoo. You were not so lazy and found time for fixing. Keep watching guys, I’ll mention Yahoo some more during the month.