The Month of Search Engine Bugs by MustLive has come to an end.
MutLive reports:
In the project took part 33 search engines (30 web engines and 3 local engines) of 19 vendors, some vendors have several engines. The list of project’s participants (in order of appearance): Meta, Yahoo, HotBot, Gigablast, MSN, Clusty, Yandex, Yandex.Server (local engine), Search Europe, Rambler, Ask.com, Ezilon, AltaVista, AltaVista local (local engine), MetaCrawler, Mamma, Google, Google Custom Search Engine (local engine), My Way, Lycos, Aport, Netscape Search, WebCrawler, Dogpile, AOL Search, My Search, My Web Search, LookSmart, DMOZ (Open Directory Project), InfoSpace, Euroseek, Kelkoo, Excite.
Altogether there were published 104 vulnerabilities in mentioned engines. Including Cross-Site Scripting (as XSS, and as HTML Injection), Full path disclosure, Content Spoofing and Information disclosure vulnerabilities. It is without taking into account redirectors in search engines (altogether there were published 23 redirectors).
Results of the projects: fixed 44 vulnerabilities from 104 (without taking into account redirectors). It is 42,31% fixed vulnerabilities. Owners of search engines have a place for improvements of their engines’ security.
Over a period of 30 days, 104 and vulnerabilities/bugs were discovered out of which only 44 have been fixed. Out of these 19 vendors, only two (Rambler and Ezilon) have thanked him for his commendable hardwork.
Several researchers, including Jeremiah, RSnake, Christ1an etc. blogged about it. Considering the complexities involved in the fixing a bug, they agree at some point that 44 is still a good number. However, there is one Big “Cheer” Leader which isn’t fixing the bugs. No points for guessing that the Leader believes in “not doing evil things”.