Lucene search

Kil13r-SA-20060622-1.txt

🗓️ 27 Jun 2006 00:00:00Reported by Kil13rType

packetstorm🔗 packetstormsecurity.com👁 14 Views

NetSoft SmartNet 2.0 XSS Vulnerabilit

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`Title:  
[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability  
  
Author:  
Kil13r - http://www.kil13r.info/  
  
Local / Remote:  
Remote  
  
Timeline:  
2006/06/21 - Discovery  
2006/06/21 - Vendor notification  
2006/06/22 - Release  
  
Affected version:  
NetSoft SmartNet 2.0  
  
Not affected version:  
  
Description:  
NetSoft SmartNet 2.0 is search engine solution, but that has vulnerability.  
It can run arbitrary Javascript code by end user in search engine.  
  
If victim execute arbitrary Javascript code, attacker can steal victim's cookie.  
  
Proof of Concept code:  
None  
  
Proof of Concept example:  
http://www.victim.com/dataCollector/search.jsp?searchFLD=0&tableName=_meta&keyWord=<script>alert("XSS")</script>  
http://www.victim.com/dataCollector/search.asp?searchFLD=0&tableName=_meta&keyWord=<script>alert("XSS")</script>  
  
Proof of Concept screenshot:  
http://www.kil13r.info/sa/xss/smartnetxss.jpg  
  
-  
Igitur qui desiderat pacem, praeparet bellum.  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Jun 2006 00:00Current

7.4High risk

Vulners AI Score7.4