SearchFeed Search Engine XSS vuln.

2005-11-28T00:00:00
ID SECURITYVULNS:DOC:10408
Type securityvulns
Reporter Securityvulns
Modified 2005-11-28T00:00:00

Description

SearchFeed Search Engine XSS vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/searchfeed-search-engine-xss-vuln.html Vendor:http://www.wwwsearchsolutions.com/searchfeed.php affected version:v1.3.2 and prior

Product Description: Using this script you can be running your own pay per click site in just a few minutes. Best of all it's FREE! SearchFeed Search Engine is one of best ways to make use of SearchFeed pay per click search engine affiliate program. SearchFeed Search Engine only takes a minute to configure, upload your files and just enter your SearchFeed account ID, tracking ID, site title, and you are up and running. SearchFeed Search Engine uses SearchFeed's XML feed to display search results. When JavaScript is used, you are limited to just a few results, don't have full control of source HTML, and depend on SearchFeed's servers to process results. By using XML SearchFeed just sends results, and your site does everything else. Average search takes about 1-2 seconds and each page loads in less than a second.

Vuln. description: Input passed to the search parameters when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.