MOSEB-12 Bonus: Vulnerability in AltaVista 22:40 12.06.2007
New bonus vulnerability in AltaVista. In this case vulnerability not directly at AltaVista’s site, like at MOSEB-12: Vulnerabilities at www.altavista.com, but in local search engine made by AltaVista.
The hole are in AltaVista local search engine, which can be used by a lot of sites (and so all of them can be vulnerable).
The vulnerability is in text parameter (in main script): http://site/?text=%3Cscript%3Ealert(document.cookie)%3C/script%3E
As an example I’ll show you site av.rbc.ru with this local search engine. I wrote about this hole before in article Vulnerabilities at sites of RBC. I found this hole 31.08.2006 and informed administrators of the site, and they already fixed this hole (but with big delay). I didn’t write about this velnerabilty as a separate hole in AltaVista local engine and decided to write about it in MOSEB. And it worth it, because there can be many sites in the web which use this engine. So everyone who use AltaVista local engine at own site need to attend to security.
Moral #1: local searching can be dangerous.
Moral #2: if you are using local search engine at your site (even from famous vendor), always attend to security audit of the site.
Note, that AltaVista local engine also belongs to Yahoo! Inc (like main AltaVista engine). So Yahoo also responsible for this vulnerability.