Reflected Cross-Site Scripting (XSS) in SearchBlox

2015-04-22T00:00:00
ID HTB23256
Type htbridge
Reporter High-Tech Bridge
Modified 2015-04-22T00:00:00

Description

High-Tech Bridge Security Research Lab discovered XSS vulnerability in SearchBlox, which can be exploited to perform Cross-Site Scripting attacks against the vulnerable web application administrators.

Input passed via the "menu2" HTTP GET parameter to "/searchblox/admin/main.jsp" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and scripting code in his browser in context of the vulnerable website.

A simple XSS exploit below uses the "alert()" JS function to display a box with "ImmuniWeb" word:

http://[host]/searchblox/admin/main.jsp?menu1=adm&menu2=%22%3E%3Cscript%3Eal ert%28%27ImmuniWeb%27%29;%3C/script%3E