Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ptsecurityPositive TechnologiesPT-2013-18
HistoryJan 03, 2013 - 12:00 a.m.

PT-2013-18: Variables Overwriting in mnoGoSearch

2013-01-0300:00:00
Positive Technologies
www.ptsecurity.com
9
JSON

PT-2013-18: Variables Overwriting in mnoGoSearch

Vulnerable software

mnoGoSearch
Version: 3.3.12 and earlier

Application link:
<http://www.mnogosearch.org/&gt;

Severity level

Severity level: Medium
Impact: Cross-Site Scripting (XSS)
Access Vector: Remote

CVSS v2:
Base Score: 4.3
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE: not assigned

Software description

mnoGoSearch is a universal Intranet and Internet search engine.

Vulnerability description

Positive Technologies experts have detected a Cross-Site Scripting vulnerability in mnoGoSearch.

Due to incorrect application architecture, all the template variables and variables sent by the client are stored in the same list. This vulnerability allows attackers to overwrite any uninitialized variables used in the template. Overwriting parameters, which are displayed on the web page without processing, results in multiple cross-site scripting vulnerabilities.
Exploitation example
http://www.mnogosearch.org/search/index.html?q=x&STORED=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
http://www.mnogosearch.org/search/index.html?q=x&CL=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
http://www.mnogosearch.org/search/index.html?q=a&cc=1&Charset=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
http://www.mnogosearch.org/search/index.html?q=a&ResultContentType=text/html%0A%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
http://www.mnogosearch.org/search/index.html?q=aaa&total=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&a=a

How to fix

Update your software up to the latest version.

Advisory status

15.02.2013 - Vendor gets vulnerability details
01.03.2013 - Vendor releases fixed version and details
05.03.2013 - Public disclosure

Credits

The vulnerabilities has discovered by Sergey Bobrov, Positive Research Center (Positive Technologies Company)

References

<http://en.securitylab.ru/lab/PT-2013-18&gt;
<http://www.mnogosearch.org/bugs/index.php?id=4819&gt;

Reports on the vulnerabilities previously discovered by Positive Research:

<http://ptsecurity.com/research/advisory/&gt;
<http://en.securitylab.ru/lab/&gt;

JSON