[Full-Disclosure] Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine

2003-10-15T00:00:00
ID SECURITYVULNS:DOC:5242
Type securityvulns
Reporter Securityvulns
Modified 2003-10-15T00:00:00

Description

Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine 09 October 2003

PDF version: http://www.sintelli.com/adv/sa-2003-02-zoomsearch.pdf

Background Zoom is a package that adds search facilities to your website and produces fast search results by indexing your website in advance. Unlike other solutions relying on server-side software, Zoom allows you to do this from the convenience of your own Windows computer.

More information about the product is available here: http://www.wrensoft.com/zoom/index.html

Description The Zoom Search engine does not properly filter user supplied input when displaying the search results. This issue allows remote attacker to inject malicious code in the target system. All the code will be executed within the context of the website. An example of such an attack is

http://www.victim.com/search.php?zoom_query=<script>alert("hello")</script><script>alert("hello")</script>

In order for the attack to work a user must click on one of these specially crafted URLs, which can be sent by email to the user, or by the using clicking on a link.

Impact It is possible for an attacker to retrieve information from a user's system.

Versions affected Version 2.0 - Build: 1018 (Earlier builds may be vulnerable)

Solution Upgrade to Build 1019. This can be downloaded from http://www.wrensoft.com/ftp/zoomsearch.exe

Vulnerability History 30 Sep 2003 Identified by Ezhilan of Sintelli 01 Oct 2003 Issue disclosed to Wrensoft 02 Oct 2003 Second notification to Wrensoft 02 Oct 2003 Vulnerability confirmed by Raymond Leung of Wrensoft. 08 Oct 2003 Sintelli informed of fix Wrensoft 08 Oct 2003 Sintelli confirms vulnerability has been addressed 08 Oct 2003 Build 1019 available 09 Oct 2003 Sintelli Public Disclosure

Credit Ezhilan of Sintelli discovered this vulnerability.

About Sintelli: Sintelli is the world's largest provider of security intelligence solutions. Sintelli is the definitive source for IT Security intelligence and is a provider of third generation intelligence security solutions.

Request a free trial of our alerting solution by clicking here http://www.sintelli.com/free-trial.htm

Copyright 2003 Sintelli Limited. All rights reserved. www.sintelli.com


Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html