by r0t, der4444, cembo, VietMafia

Monday, December 05, 2005

1- Search XSS vuln.

Vuln. discovered by: r0t
Date: 5 Dec. 2005
Vendor: http://www.1-script.com/1_search/
Affected version: 1.80 and prior


Product Description:
An advanced site search script written with search engines positioning in mind - result pages contain all proper tags to be submitted to search engines as doorway pages. The script logs all the searches, found and not found, inserts affiliate codes so that you never miss commission. Comes with advanced administration utility for setup, viewing statistics, changing appearance and much more. New version includes an optimized search algorithm for faster searches.

Vuln. description:
Input passed to the parameter "q" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


example:
/1search.cgi?q=[XSS]&boolean=ALL&case=Insensitive

Solution:
Edit the source code to ensure that input is properly sanitised.
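The fix in practice, as an added example that is not 1-Search's own code: the vulnerable pattern (the "q" value echoed into the result page unchanged) next to a hardened version that HTML-escapes it for both the text and the attribute context it lands in. The query string below is constructed to match the advisory's URL shape; the function names are assumptions.

```python
# Added example, not code from 1-Search: reflecting a search term safely.
import html
from urllib.parse import parse_qs


def get_q(query_string: str) -> str:
    """Pull the search term out of the query string (percent-decoded)."""
    return parse_qs(query_string).get("q", [""])[0]


def render_results_vulnerable(query_string: str) -> str:
    """The pattern the advisory describes: q goes back into the HTML as-is."""
    q = get_q(query_string)
    return f"<h1>Results for: {q}</h1>"


def render_results_fixed(query_string: str) -> str:
    """Hardened: escape & < > \" ' before q reaches any HTML context.
    quote=True matters because the term is also placed inside a quoted
    attribute value (the refilled search box)."""
    safe = html.escape(get_q(query_string), quote=True)
    return (f"<h1>Results for: {safe}</h1>\n"
            f'<input type="text" name="q" value="{safe}">')


def reflects_raw_markup(rendered: str, query_string: str) -> bool:
    """Check used below: does the raw (unescaped) term appear in the output?"""
    q = get_q(query_string)
    return any(c in q for c in '<>"\'') and q in rendered


# Constructed sample request in the advisory's URL shape (harmless markup).
SAMPLE = "q=%3Cb%3Esay+%22hi%22%3C%2Fb%3E&boolean=ALL&case=Insensitive"

if __name__ == "__main__":
    print(render_results_vulnerable(SAMPLE))
    print(render_results_fixed(SAMPLE))
```

Escaping is the minimum; the vendor's 1.90 release additionally stopped serving searches over GET, which removes the ability to trigger the reflection from a link on another site.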

1 Comment:

Anonymous Dmitriy told...

1-Script.com would like to announce the availability of the new version 1.90 of the 1-Search script, which is a mandatory security upgrade. Please get your files, along with installation and upgrade instructions, here.

http://www.1-script.com/download.php

We encourage you to perform the upgrade as soon as possible.

All previous versions of 1-Search (1.80 and earlier) are affected.

The vulnerability may allow an attacker to submit a specially crafted search string that will initiate JavaScript code execution or show a non-sanctioned link to an inappropriate website, which can have a negative effect on your search engine positioning.

The new version is designed to filter the XSS JavaScript along with other HTML tags. Additionally, it has GET queries disabled, thus eliminating the possibility for an attacker to expose any bad links on your sites by linking to them from other sites.

Original security advisory credit to http://pridels.blogspot.com/2005/12/1-search-xss-vuln.html

http://www.1-script.com

1:02 AM

Copyright (c) 2006 Pridels Sec Crew