by r0t,der4444,cembo,VietMafia

Monday, December 05, 2005

Hot Links SQL 3.x XSS vuln.

Hot Links SQL 3.x XSS vuln.
Vuln. dicovered by : r0t
Date: 5 dec. 2005
vendor:http://www.mrcgiguy.com/hlsqldetails.shtml
affected version:3.1.x and prior

Product Description:
# irectory style index allows for easy navigation
# Utilizes the power of MySQL to deliver blazing fast content regardless of the amount of data.
# Out going and incoming hits are recorded creating a popular links list and displaying a cumulative hit count which is also used to build a Hot Links Page.
# Control how many links to display on the popular links list.
# Control the amount of top search terms to display on the index.
# Control how many hits a site must have before being listed on the Hot Links Page.
# Cheat protection using IP address for outgoing & incoming hits (1 hit per IP per day).
# Duplicate link verification (Now has option to disable, or to losen the restrictions to allow duplicates as long as they're in seperate categories).
# Easily edit the look of your directory without having to pick through any of the PERL code. Almost 100% template based.
# Will run on most servers with Perl 5.x, MySQL and SendMail installed. Recommended for Unix/Linux.
# Split page listings, break up longer category & search result listings for easier navigation.
# Create infinite subcategory levels.
# Most recent listings display right on the index page. You control how many to show.
# Features static HTML or Dynamic mode. HTML mode is highly beneficial for search engine rankings and Google PageRank.
# Intergrated reviews and ratings system.
# Integrated Searchfeed.com results search feed.
# No longer requires SSI.
# Static or Dynamic outgoing urls. Now more search engine friendly than ever. Don't want to use redirects, just turn the static url option on.
# Seperate template for sponsor links, make them really stand out and encourage link owners to pay for the upgrade.
# Algorithm sorting on categories and search results pages. More info here.




Vuln. description:

Input passed to the parameter in "search.cgi" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew