securityvulns SECURITYVULNS:DOC:17486
Jul 13, 2007 - 12:00 a.m.

MOSEB-12 Bonus: Vulnerability in AltaVista

22:40 12.06.2007

New bonus vulnerability in AltaVista. In this case the vulnerability is not directly on AltaVista's site, as in MOSEB-12: Vulnerabilities at www.altavista.com, but in the local search engine made by AltaVista.

The hole is in the AltaVista local search engine, which can be used by a lot of sites (and so all of them can be vulnerable).

The vulnerability is in the text parameter (in the main script):
http://site/?text=%3Cscript%3Ealert(document.cookie)%3C/script%3E

As an example I'll show you the site av.rbc.ru with this local search engine. I wrote about this hole before in the article Vulnerabilities at sites of RBC. I found this hole on 31.08.2006 and informed the administrators of the site, and they have already fixed this hole (but with a big delay). I didn't write about this vulnerability as a separate hole in the AltaVista local engine and decided to write about it in MOSEB. And it is worth it, because there can be many sites on the web which use this engine. So everyone who uses the AltaVista local engine on their own site needs to attend to security.

XSS:

* alert(document.cookie)

Moral #1: local searching can be dangerous.

Moral #2: if you are using a local search engine on your site (even from a famous vendor), always attend to the security audit of the site.

Note that the AltaVista local engine also belongs to Yahoo! Inc. (like the main AltaVista engine). So Yahoo is also responsible for this vulnerability.
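The reflection of the text parameter described above, as an added example that is not code from the advisory or from AltaVista: a results page that copies the query into HTML unencoded, the same page with output encoding, and a check a site owner can run over a response body during an audit. The page markup and all function names are assumptions made for illustration; the engine's real templates are not shown in the advisory.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed request URL; the parameter value is the one quoted in the advisory.
SAMPLE_URL = "http://site/?text=%3Cscript%3Ealert(document.cookie)%3C/script%3E"


def query_text(url):
    """Return the URL-decoded value of the 'text' parameter ('' if absent)."""
    return parse_qs(urlsplit(url).query).get("text", [""])[0]


def render_unsafe(text):
    """Vulnerable pattern: the query is copied into the page as-is
    (hypothetical markup: a search box plus a results heading)."""
    return ('<form><input name="text" value="' + text + '"></form>'
            "<p>Results for: " + text + "</p>")


def render_safe(text):
    """Hardened pattern: HTML-encode the query before writing it out.
    quote=True also encodes quotes, which the attribute context needs."""
    enc = html.escape(text, quote=True)
    return ('<form><input name="text" value="' + enc + '"></form>'
            "<p>Results for: " + enc + "</p>")


def reflects_raw_markup(body, text):
    """Audit check: True if input containing markup-significant characters
    comes back in the response body without being encoded."""
    has_markup = any(c in text for c in "<>\"'")
    return has_markup and text in body


if __name__ == "__main__":
    q = query_text(SAMPLE_URL)
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        body = render(q)
        print(name, "reflects raw markup:", reflects_raw_markup(body, q))
```

The same check applies to a search box that only breaks on quotes: a query such as `say "hello"` must come back as `&quot;hello&quot;` inside the `value` attribute.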