Month of search engine bugs humming along

Summary:Almost without notice, the ongoing month of search engine bugs is chugging along, discussing and exposing some some rather serious vulnerabilities in some of the world's most popular search engines.

Almost without notice, the ongoing month of search engine bugs is chugging along, discussing and exposing some some rather serious vulnerabilities in some of the world's most popular search engines.

Google

The handiwork of a Ukranian hacker known as "MustLive," the project has published details on cross-site scripting and information disclosure holes haunting the likes of Google, Yahoo, MSN, Ask, Netscape and a range of meta search engines.

The hacker has shown how easy it is to manipulate search queries to inject HTML or conduct side redirection attacks.

Some of the more prominent examples include:

MOSEB-15: Vulnerabilities at Google's image search (http://images.google.com) could expose users to content spoofing and redirection attacks.

This Google search query exposes an information disclosure bug in the way Google's spider indexes Web sites. This example exposes plain-text FTP credentials of YouTube users.

MOSEB-19 demos a persistent cross-site scripting flaw in AOL's Netscape search property.

The Mamma.com meta-search engine contains several vulnerabilities that could cause HTML injection, redirection or XSS attacks.

Flaws in Yahoo and Lycos are also exposed, with demos and explanations.

Topics: Security, Browser

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.