Easy Search System v1.1 XSS vuln.

Vuln. discovered by: r0t
Date: 5 Dec 2005
Original advisory: http://pridels.blogspot.com/2005/12/easy-search-system-v11-xss-vuln.html
Vendor: http://www.hotcgiscripts.net/?c=e-search
Affected version: v1.1 and prior
Product Description: Easy Search System is a powerful, customizable and effective site indexing/searching script. Index your website over CGI, PHP, ASP and any web pages. It collects meta descriptions, meta keywords, titles, page content and link texts from all pages on your site. You can define the weight (power) of each of these page parts to make the search as effective as possible. Customize search results and "Not found" pages. Edit stop words. Search within parts of the site. Show in statistics the most searched keywords and not-found keywords. You can create page groups. Index groups of your site every day, week or month automatically. Define rules to automatically add pages to groups or ignore files and directories. It shows dead links within your site and links to dead sites. You can see internal and EXTERNAL outbound and inbound links for every indexed page with the Easy Search System script. It can index several sites into one database, and your users can search all your sites from one form, or search only parts of your site. You can create several search forms to search any of your site's parts. You can search for one or more terms at the same time. You may input single words and phrases as search terms at the same time. Phrases are enclosed in quotes, as in world-wide search engines such as Google. Terms can be combined with logical operators: the sign "+" marks a term as forced (it must be present); the sign "-" marks a term as forbidden (it must not be present). All unsigned terms can be automatically marked as forced by activating the checkbox "+" near the input field. The Easy Search System provides a solution with far more flexibility and power than any other, at a price you can afford.
Vuln. description: Input passed to the "q" parameter in "search.cgi" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Solution: Edit the source code to ensure that the "q" input is properly sanitised (HTML-encoded) before it is written back into the response.
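The fix in miniature, as an added example that is not the product's own code: a vulnerable render that echoes "q" verbatim beside one that HTML-encodes it, plus a regression check a maintainer can keep. The results-page layout (the term echoed in a heading and pre-filled into the search box) is an assumption, since the advisory does not show search.cgi's source.

```python
import html
import re

# Constructed sample value for the "q" parameter: it carries a closing quote
# and a tag, so it can break out of both an attribute and a text node.
SAMPLE_Q = 'widgets"><script>alert(1)</script>'

# Assumed shape of the results page: the term is echoed in a heading and
# pre-filled into the search form. Only the two reflection points matter.
PAGE = (
    '<form action="search.cgi"><input name="q" value="{q_attr}"></form>\n'
    '<h2>Results for: {q_text}</h2>\n'
)


def render_vulnerable(q: str) -> str:
    """Reflects q verbatim: the defect the advisory reports."""
    return PAGE.format(q_attr=q, q_text=q)


def render_fixed(q: str) -> str:
    """HTML-encodes q for both contexts. quote=True also encodes ' and ",
    so the value cannot close the input's value attribute."""
    safe = html.escape(q, quote=True)
    return PAGE.format(q_attr=safe, q_text=safe)


TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def reflects_unescaped(render, q: str = SAMPLE_Q) -> bool:
    """Regression check: True if the rendered page contains more tag-like
    sequences than the fixed template alone, i.e. markup from q survived."""
    template_tags = len(TAG_RE.findall(PAGE.format(q_attr="", q_text="")))
    return len(TAG_RE.findall(render(q))) > template_tags


if __name__ == "__main__":
    print(render_fixed(SAMPLE_Q))
    print("vulnerable reflects markup:", reflects_unescaped(render_vulnerable))
    print("fixed reflects markup:", reflects_unescaped(render_fixed))
```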