{"id":38,"date":"2007-07-03T11:27:34","date_gmt":"2007-07-03T11:27:34","guid":{"rendered":"http:\/\/codeinmybug.wordpress.com\/2007\/07\/03\/month-of-search-engine-bugs-mission-accomplished\/"},"modified":"2008-05-07T15:14:58","modified_gmt":"2008-05-07T09:44:58","slug":"month-of-search-engine-bugs-mission-accomplished","status":"publish","type":"post","link":"https:\/\/projectbee.org\/blog\/archive\/month-of-search-engine-bugs-mission-accomplished\/","title":{"rendered":"Month of Search Engine Bugs: &#8220;Mission Accomplished&#8221;"},"content":{"rendered":"<p>The <a href=\"http:\/\/websecurity.com.ua\/1114\/\">Month of Search Engine Bugs <\/a>by <a href=\"http:\/\/websecurity.com.ua\/\">MustLive<\/a> has come to an end.<\/p>\n<p>MutLive reports:<\/p>\n<blockquote><p>In the project took part <strong>33 search engines<\/strong> (30 web engines and 3 local engines) of <strong>19 vendors<\/strong>, some vendors have several engines. The list of project\u2019s participants (in order of appearance): <em>Meta, Yahoo, HotBot, Gigablast, MSN, Clusty, Yandex, Yandex.Server (local engine), Search Europe, Rambler, Ask.com, Ezilon, AltaVista, AltaVista local (local engine), MetaCrawler, Mamma, Google, Google Custom Search Engine (local engine), My Way, Lycos, Aport, Netscape Search, WebCrawler, Dogpile, AOL Search, My Search, My Web Search, LookSmart, DMOZ (Open Directory Project), InfoSpace, Euroseek, Kelkoo, Excite<\/em>.<\/p>\n<p>Altogether there were published 104 vulnerabilities in mentioned engines. Including Cross-Site Scripting (as XSS, and as HTML Injection), Full path disclosure, Content Spoofing and Information disclosure vulnerabilities. It is without taking into account redirectors in search engines (altogether there were published 23 redirectors).<\/p>\n<p><strong>Results of the projects:<\/strong> fixed 44 vulnerabilities from 104 (without taking into account redirectors). It is 42,31% fixed vulnerabilities. Owners of search engines have a place for improvements of their engines\u2019 security.<\/p><\/blockquote>\n<p>Over a period of 30 days, 104 and vulnerabilities\/bugs were discovered out of which only 44 have been fixed. Out of these 19 vendors, only two (Rambler and Ezilon) have thanked him for his commendable hardwork.<\/p>\n<p>Several researchers, including <a href=\"http:\/\/jeremiahgrossman.blogspot.com\/2007\/07\/30-days-104-search-engine.html\">Jeremiah<\/a>, <a href=\"http:\/\/ha.ckers.org\/blog\/20070701\/month-of-search-engine-bugs-comes-to-a-close\/\">RSnake<\/a>, <a href=\"http:\/\/planet-websecurity.org\/30+days%2C+104+Search+Engine+Vulnerabilities\/\">Christ1an<\/a> etc. blogged about it. Considering the complexities involved in the fixing a bug, they agree at some point that 44  is still a good number. However, there is one Big &#8220;Cheer&#8221; Leader<a href=\"http:\/\/websecurity.com.ua\/1114\/#comment-48778\"> which isn&#8217;t fixing the bugs<\/a>. No points for guessing that the Leader believes  in &#8220;not doing evil things&#8221;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Month of Search Engine Bugs by MustLive has come to an end. MutLive reports: In the project took part 33 search engines (30 web engines and 3 local engines) of 19 vendors, some vendors have several engines. The list of project\u2019s participants (in order of appearance): Meta, Yahoo, HotBot, Gigablast, MSN, Clusty, Yandex, Yandex.Server &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/projectbee.org\/blog\/archive\/month-of-search-engine-bugs-mission-accomplished\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Month of Search Engine Bugs: &#8220;Mission Accomplished&#8221;&#8221;<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[9,22,24,25,29,33,34,42,46,168,167],"tags":[44,45],"class_list":["post-38","post","type-post","status-publish","format-standard","hentry","category-bug","category-google","category-hack","category-hackers","category-irony","category-loophole","category-microsoft","category-phishing","category-review","category-security","category-webappsec","tag-rating","tag-reality"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pf2XR-C","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/posts\/38","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/comments?post=38"}],"version-history":[{"count":0,"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/posts\/38\/revisions"}],"wp:attachment":[{"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/media?parent=38"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/categories?post=38"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/tags?post=38"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}