Month of search engine bugs humming along

Almost without notice, the ongoing month of search engine bugs is chugging along, discussing and exposing some some rather serious vulnerabilities in some of the world's most popular search engines.

Almost without notice, the ongoing month of search engine bugs is chugging along, discussing and exposing some some rather serious vulnerabilities in some of the world's most popular search engines.

Google

The handiwork of a Ukranian hacker known as "MustLive," the project has published details on cross-site scripting and information disclosure holes haunting the likes of Google, Yahoo, MSN, Ask, Netscape and a range of meta search engines.

The hacker has shown how easy it is to manipulate search queries to inject HTML or conduct side redirection attacks.

Some of the more prominent examples include:

MOSEB-15: Vulnerabilities at Google's image search (http://images.google.com) could expose users to content spoofing and redirection attacks.

This Google search query exposes an information disclosure bug in the way Google's spider indexes Web sites. This example exposes plain-text FTP credentials of YouTube users.

MOSEB-19 demos a persistent cross-site scripting flaw in AOL's Netscape search property.

The Mamma.com meta-search engine contains several vulnerabilities that could cause HTML injection, redirection or XSS attacks.

Flaws in Yahoo and Lycos are also exposed, with demos and explanations.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All