"Purpose of this Month of Bugs is a demonstration of real state with security in search engines, which are the most popular sites in Internet. To let users of search engines and web community as a whole to understand all risks, which search engines bring to them. And also to draw attention of search engines’ owners to security issues of their sites.
During the month everyday will be publish vulnerabilities in most popular search engines of the world. Cross-Site Scripting vulnerabilities in particular. Everyday will be publish vulnerabilities in different engines (minimum one publication at a time, but there will be bonus publications also)."
The comments on RSnake's post answer several of the frequently asked questions.
Not sure what the meaning is, does he mean XSS in Google itself?
Ronald van den Heetkamp
In addition to that RSnake's post http://ha.ckers.org/blog/20070515/month-of-search-engine-bugs/ where I answered some questions in the comments there is one more.
In another RSnake's post http://ha.ckers.org/blog/20070517/more-on-the-net-request-validation-bypass/ I told about NET filters bypass in context of my MOSEB project. So tell your colleague Arian Evans to look at that post once more.
There will be XSS in Google search too (in one of its searches). There will be many holes in many search engines.
Just wait for June.
Post a Comment