July 30, 2001

Search engines HTML parsing vulnerability (Lycos)

Author: JT Smith

A heads-up from SecuriTeam: "A security vulnerability has been confirmed in Lycos's Search Engine (other engines are suspected to be vulnerable as well).
The vulnerability allows malicious web site owners to cause JavaScript code (or any other HTML code) to get included in the
search results displayed to the end user by Lycos. A malicious user may create an interface embedded into the engines pages (if the search engine supports PHP this is even
worse; a malicious web site can build up a shell) or start a redirect attack."


  • Linux
Click Here!