by r0t, der4444, cembo, VietMafia

Thursday, December 01, 2005

Extreme Search Corporate Edition 6.x XSS vuln.

Vuln. discovered by: r0t
Date: 1 Dec. 2005
Affected version: 6.0 and prior

Product Description:
Power your web site with this premium pay per click search engine. This internet software is a combination of fast PHP code and the very secure Perl code. It features an expansive category editor section and separate affiliate program section.

Vuln. Description:
Input passed to the "search" parameter in "extremesearch.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Edit the source code to ensure that input is properly sanitised.
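
As an added illustration of that fix (not Extreme Search source code, and not from the original advisory), the sketch below contrasts returning the "search" value unencoded with encoding it at the point of output. The function names, the 200-character limit and the sample value are assumptions made for this example, and it assumes PHP 7+ with the mbstring extension.

```php
<?php
// Added illustration: hypothetical handler, not Extreme Search source code.
declare(strict_types=1);

const MAX_TERM_LEN = 200; // assumed limit, chosen for this example

/** Encode a value for HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Normalise the raw "search" value: string only, valid UTF-8, bounded length. */
function clean_search_term($raw): string
{
    if (!is_string($raw)) {                  // ?search[]=x arrives as an array
        return '';
    }
    if (!mb_check_encoding($raw, 'UTF-8')) { // reject malformed byte sequences
        return '';
    }
    $raw = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? ''; // drop control chars
    return mb_substr(trim($raw), 0, MAX_TERM_LEN, 'UTF-8');
}

/** Pattern the advisory describes: the value goes back to the browser as-is. */
function render_unsafe(string $term): string
{
    return '<input name="search" value="' . $term . '"><p>Results for ' . $term . '</p>';
}

/** Hardened form: validate, then encode everywhere the value is written out. */
function render_safe($raw): string
{
    $t = h(clean_search_term($raw));
    return '<input name="search" value="' . $t . '"><p>Results for ' . $t . '</p>';
}

// Constructed sample value containing a quote and markup.
// In a real handler the argument would be $_GET['search'] ?? ''.
$sample = 'shoes"><b>bold</b>';
echo render_unsafe($sample), PHP_EOL; // quote and tags reach the page intact
echo render_safe($sample), PHP_EOL;   // quote and tags are emitted as entities
```

Encoding belongs at output rather than at input because the same value may later be written into other contexts (a URL, a JavaScript string) that need different encoders.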


Anonymous told...

This security issue has long been addressed. I have tried it and it doesn't work.

2:05 AM




Copyright (c) 2006 Pridels Sec Crew