by r0t,der4444,cembo,VietMafia

Monday, November 28, 2005

RevenuePilot Search Engine XSS vuln.

Vuln. discovered by: r0t
Date: 28 Nov. 2005
Vendor: http://www.wwwsearchsolutions.com/revenuepilot.php
Affected version: v1.2.0 and prior

Product Description:
With this script you can be running your own pay per click site in just a few minutes. Best of all it's FREE! RevenuePilot Search Engine is one of the best ways to make use of RevenuePilot's pay per click search engine affiliate program. RevenuePilot Search Engine only takes a minute to configure: just enter your RevenuePilot affiliate ID and site title, upload your files and you are up and running.

Vuln. description:
Input passed to the search parameters when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.
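
What "properly sanitised" means for a reflected search term, as an added example (not the vendor's code and not part of the original advisory): the term is encoded for each context it is returned in. The parameter name `q`, the page layout and the function names are assumptions, and Python is used only for illustration because the advisory does not show the product's source.

```python
import html
from urllib.parse import quote


def render_unsafe(term: str) -> str:
    """'Before': the search term is returned to the browser unencoded,
    so any markup in it becomes part of the page."""
    return f"<h1>Results for {term}</h1>"


def render_results(term: str, page: int = 1) -> str:
    """'After': encode the term for every context it is reflected into."""
    # HTML text and quoted-attribute contexts: escape & < > " '
    text = html.escape(term, quote=True)
    # URL query-component context: percent-encode the term first, then
    # HTML-escape the whole href because it sits inside an attribute.
    href = html.escape(f"?q={quote(term, safe='')}&page={page + 1}", quote=True)
    return (
        f"<h1>Results for {text}</h1>\n"
        f'<form><input name="q" value="{text}"></form>\n'
        f'<a href="{href}">Next</a>'
    )


# Constructed sample input containing markup and quote characters.
SAMPLE = '"><b>cheap & fast</b>'

if __name__ == "__main__":
    print(render_unsafe(SAMPLE))   # markup reaches the page as-is
    print(render_results(SAMPLE))  # markup is shown as literal text
```

Encoding at output time, per context, keeps legitimate searches that contain `&` or quotes working while preventing the term from being interpreted as HTML.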

Copyright (c) 2006 Pridels Sec Crew