by r0t,der4444,cembo,VietMafia

Monday, November 28, 2005

SearchFeed Search Engine XSS vuln.

SearchFeed Search Engine XSS vuln.
Vuln. dicovered by : r0t
Date: 28 nov. 2005
Vendor:http://www.wwwsearchsolutions.com/searchfeed.php
affected version:v1.3.2 and prior

Product Description:
Using this script you can be running your own pay per click site in just a few minutes. Best of all it's FREE! SearchFeed Search Engine is one of best ways to make use of SearchFeed pay per click search engine affiliate program. SearchFeed Search Engine only takes a minute to configure, upload your files and just enter your SearchFeed account ID, tracking ID, site title, and you are up and running.
SearchFeed Search Engine uses SearchFeed's XML feed to display search results. When JavaScript is used, you are limited to just a few results, don't have full control of source HTML, and depend on SearchFeed's servers to process results. By using XML SearchFeed just sends results, and your site does everything else. Average search takes about 1-2 seconds and each page loads in less than a second.

Vuln. description:
Input passed to the search parameters when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew