Month of search engine bugs humming along

Month of search engine bugs humming along

Summary: Almost without notice, the ongoing month of search engine bugs is chugging along, discussing and exposing some some rather serious vulnerabilities in some of the world's most popular search engines.

SHARE:
TOPICS: Security, Browser
4

Almost without notice, the ongoing month of search engine bugs is chugging along, discussing and exposing some some rather serious vulnerabilities in some of the world's most popular search engines.

Google

The handiwork of a Ukranian hacker known as "MustLive," the project has published details on cross-site scripting and information disclosure holes haunting the likes of Google, Yahoo, MSN, Ask, Netscape and a range of meta search engines.

The hacker has shown how easy it is to manipulate search queries to inject HTML or conduct side redirection attacks.

Some of the more prominent examples include:

MOSEB-15: Vulnerabilities at Google's image search (http://images.google.com) could expose users to content spoofing and redirection attacks.

This Google search query exposes an information disclosure bug in the way Google's spider indexes Web sites. This example exposes plain-text FTP credentials of YouTube users.

MOSEB-19 demos a persistent cross-site scripting flaw in AOL's Netscape search property.

The Mamma.com meta-search engine contains several vulnerabilities that could cause HTML injection, redirection or XSS attacks.

Flaws in Yahoo and Lycos are also exposed, with demos and explanations.

Topics: Security, Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Message has been deleted.

    saywhatdog
  • *sigh* What about Live Search?

    Are there any vulnerabilities in Live Search? Am I missing something?
    Grayson Peddie
    • Why do you ask?

      Live Search is perfect. No bugs. Please move on.

      All my links to the MoSEB are failing though. I'm getting "The connection was reset" in Firefox and something vaguer in IE.
      larry@...
      • Well I didn't mean to ask.

        Well I prefer Live Search over other search engines...

        Thanks for answering.
        Grayson Peddie