raditech-multiple.txt

2007-02-13T00:00:00
ID PACKETSTORM:54362
Type packetstorm
Reporter Pedro Alexander Garcia
Modified 2007-02-13T00:00:00

Description

                                        
                                            `Site : Raditech.es  
Product : Portal Search (May be others)  
  
Portal Search is a product that can help to search in one or multiple Web sites. http://www.raditech.es/esp/servicios/portal-search.shtml  
  
This product can SEARCH and INDEX the contents of a entire web site,additionally this product doesn't validate user input. So these types of attacks are possible.  
  
-URL redirection (So Phising attacks can be easy)  
-Cross Site Scripting  
-Business Logic can be revealed trough Searching some type of characters   
-Some Others  
  
-URL redirection   
http://target/?http://www.hackersite.com  
and the hacker site is displayed in the main FRAME of www.somesite.com  
  
-Cross Site Scripting  
http://target/buscador/buscador.htm?%3CIFRAME%20SRC=%22javascript:alert('XSS');%22%3E%3C/IFRAME%3E  
The result of this URL is that all the records are displayed.  
  
-Business Logic can be revealed trough Searching some type of characters.  
http://target/buscador/buscador.htm?  
  
Thanks and sorry by my English  
  
Regards  
  
Pedro Alexander Garcia  
claxus@gmail.com  
Colombia 2007  
`