1- Search XSS vuln.

Type securityvulns
Reporter Securityvulns
Modified 2005-12-05T00:00:00


1- Search XSS vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 Orginal advisory:http://pridels.blogspot.com/2005/12/1-search-xss-vuln.html vendor:http://www.1-script.com/1_search/ affected version:1.80 and prior

Product Description: An advanced site search script written with search engines positioning in mind - result pages contain all proper tags to be submitted to search engines as doorway pages. The script logs all the searches, found and not found, inserts affiliate codes so that you never miss commission. Comes with advanced administration utility for setup, viewing statistics, changing appearance and much more. New version includes an optimized search algorithm for faster searches.

Vuln. description: Input passed to the parameter "q" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

example: /1search.cgi?q=[XSS]&boolean=ALL&case= Insensitive

Solution: Edit the source code to ensure that input is properly sanitised.