Tunez search.php searchFor Variable XSS

2005-11-23T10:48:32
ID OSVDB:21063
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2005-11-23T10:48:32

Description

Vulnerability Description

Tunez contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate or encode the "searchFor" parameter before search.php echoes it back in the results page. An attacker could create a specially crafted URL that, when opened by a victim, executes arbitrary script code in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Tunez search.php does not validate the "searchFor" parameter, allowing a remote cross-site scripting attack via a specially crafted URL.

Manual Testing Notes

/search.php?action=doSearch&searchFor=[XSS]&search_type=all
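The probe from the Manual Testing Notes, together with the check a tester would run on the response, as an added example that is not code from the OSVDB entry or from the Tunez project. It assumes only the URL shape shown above. The results-page markup, the sample responses and the host name are constructed for illustration; the hardened rendering uses HTML entity encoding, which is the generic fix for a reflected parameter of this kind, not a patch the vendor shipped.

```python
"""Reflected-XSS probe and response check for search.php?searchFor=...

Added example, not from the OSVDB entry or the Tunez project.  Only the
request shape (action=doSearch&searchFor=[XSS]&search_type=all) comes from
the advisory; everything else here is an assumption for illustration.
"""
import html
from urllib.parse import urlencode, urljoin

SEARCH_PATH = "/search.php"
# Unique marker used in place of the [XSS] placeholder: it contains angle
# brackets so that raw reflection is distinguishable from an encoded echo.
MARKER = "<xss7f3a>"


def build_probe_url(base_url: str, marker: str = MARKER) -> str:
    """Build the test URL from the Manual Testing Notes with the marker as searchFor."""
    query = urlencode({"action": "doSearch", "searchFor": marker, "search_type": "all"})
    return urljoin(base_url, SEARCH_PATH) + "?" + query


def classify_reflection(body: str, marker: str = MARKER) -> str:
    """Classify how the response body echoes the marker.

    'raw'     - marker appears verbatim (reflected XSS is likely)
    'encoded' - marker appears only as HTML entities (output encoded)
    'absent'  - marker does not appear at all (not reflected in this page)
    The check is deliberately coarse: it does not know the HTML context
    (attribute, script block) of the reflection, only whether it was encoded.
    """
    if marker in body:
        return "raw"
    if html.escape(marker, quote=True) in body or html.escape(marker, quote=False) in body:
        return "encoded"
    return "absent"


def render_results(search_for: str, escape_output: bool) -> str:
    """Hypothetical results-page fragment that echoes the search term.

    escape_output=False models the vulnerable behaviour described in the
    advisory (parameter written into the page as-is); escape_output=True is
    the hardened form, entity-encoding the value at the point of output.
    This is constructed markup, not Tunez's own template.
    """
    shown = html.escape(search_for, quote=True) if escape_output else search_for
    return f'<h2>Search results for "{shown}"</h2>\n<p>No matches.</p>\n'


if __name__ == "__main__":
    # Constructed base URL; a real test would fetch build_probe_url(...) and
    # pass the response body to classify_reflection().
    print("probe:", build_probe_url("http://tunez.example/"))
    for escaped in (False, True):
        page = render_results(MARKER, escape_output=escaped)
        print("escape_output=%s -> %s" % (escaped, classify_reflection(page)))
```

A 'raw' result on the live probe is the condition the advisory describes; an 'encoded' result after applying output encoding is what a fix should produce. Because the classifier ignores context, a value reflected inside a JavaScript string or an unquoted attribute still needs manual review even when angle brackets are encoded.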

References:

Vendor URL: http://tunez.sourceforge.net/
Secunia Advisory ID: 17692
Related OSVDB ID: 21062
Other Advisory URL: http://pridels.blogspot.com/2005/11/tunez-sql-and-xss-vuln.html
Other Advisory URL: http://osvdb.org/ref/21/21063-tunez.txt
CVE ID: CVE-2005-3834
Bugtraq ID: 15548