
April 5, 2009

MOSEB-06: Vulnerabilities at clusty.com

The next participant of the project is the Clusty search engine. It is a new and popular meta search engine that uses clusters (it groups similar results into clusters).

There are two vulnerabilities in the error message on the main Clusty site (clusty.com). I found these Cross-Site Scripting and Full path disclosure holes on 24.05.2007. The XSS vulnerability works only in Mozilla and Firefox, but not in IE (due to the peculiarities of the IE rendering engine and the plaintext tag used by the Clusty guys).

XSS:

alert(document.cookie) (Firefox), redirector (Firefox)

The vulnerability is in the v:file parameter:
http://clusty.com/search?v%3afile=viv_744%4025%3aTKjQZH&v%3astate=%28root%29%7croot%3C/plaintext%3E%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Note that the value of the v:file parameter (viv_744%4025%3aTKjQZH) is temporary and works only for a short time. So you need to have a fresh value for launching the attack (use Clusty for searching and get this value).

Full path disclosure:

http://clusty.com/search?v%3afile=viv_738%4020%3avyqK9v-

Moral: error messages at search engines can be dangerous.
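How an error page can avoid both holes, as an added example that is not Clusty's code or part of the original post: the unsafe renderer echoes the decoded parameter and an internal detail inside a plaintext tag, while the safe one escapes the echoed value and keeps the detail in the server log. The function names, the error wording and the file path in INTERNAL_DETAIL are assumptions made for illustration.

```python
import html
import logging
import uuid
from urllib.parse import parse_qs

log = logging.getLogger("search.errors")

# Query string taken from the XSS URL above (its v:file value expired long ago).
QUERY = ("v%3afile=viv_744%4025%3aTKjQZH&v%3astate=%28root%29%7croot"
         "%3C/plaintext%3E%3C/script%3E%3Cscript%3Ealert(document.cookie)"
         "%3C/script%3E")

# Constructed internal detail; the path actually disclosed is not on the page.
INTERNAL_DETAIL = "cannot open /srv/example/data/viv_744.xml"


def render_error_unsafe(query: str, detail: str) -> str:
    """Pattern to avoid: raw input and internal detail inside <plaintext>.

    Whether markup after <plaintext> is executed depends on the browser,
    so the tag is not an output-encoding control.
    """
    state = parse_qs(query).get("v:state", [""])[0]
    return f"<plaintext>Error in state {state}: {detail}"


def render_error_safe(query: str, detail: str) -> str:
    """Escape the echoed value; log the internal detail under a reference id."""
    state = parse_qs(query).get("v:state", [""])[0]
    ref = uuid.uuid4().hex[:8]
    # Filesystem paths and stack details stay on the server side only.
    log.error("search error ref=%s state=%r detail=%s", ref, state, detail)
    escaped = html.escape(state, quote=True)
    return (f"<p>Search error (reference {ref}). "
            f"Invalid state: <code>{escaped}</code></p>")


if __name__ == "__main__":
    print(render_error_unsafe(QUERY, INTERNAL_DETAIL))
    print(render_error_safe(QUERY, INTERNAL_DETAIL))
```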

Websecurity – Security of web applications and web systems
