by r0t,der4444,cembo,VietMafia

Thursday, December 01, 2005

Interspire FastFind 2005 XSS vuln.

Vuln. discovered by: r0t
Date: 1 Dec. 2005
Affected versions: 2005 and 2004.

Product Description:
Add powerful, flexible search to your site in minutes. FastFind is the leading PHP search engine, featuring: point and click web based interface, simple 3 step installation wizard, 100% rebrandable, automated scheduling, advanced filtering, and much, much more. Download Interspire FastFind 2005 now and have search set up on your or your clients' site in minutes!

Vuln. Description:
Input passed to the "query" parameter isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.


Solution:
Edit the source code to ensure that input is properly sanitised.
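
One way to apply this fix, shown as an added example that is not part of the original advisory and is not Interspire's code. The function names and page layout are hypothetical, and the mbstring extension is assumed. The "query" value is encoded at each place it is reflected: the search box attribute, the results heading and the pagination link.

```php
<?php
declare(strict_types=1);

// Hypothetical search results page, not FastFind source.

/** Encode untrusted text for HTML element content and quoted attribute values. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Normalise the raw parameter: must be a string, valid UTF-8, bounded length. */
function clean_query($raw, int $maxLen = 200): string
{
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
        return ''; // arrays (query[]=x) and invalid byte sequences are rejected
    }
    return mb_substr(trim($raw), 0, $maxLen, 'UTF-8');
}

/** Vulnerable pattern: the parameter is concatenated into the page as-is. */
function render_unsafe(string $q): string
{
    return '<p>Results for: ' . $q . '</p>';
}

/** Hardened pattern: encode at the point of output, once per context. */
function render_safe(string $q, int $page = 2): string
{
    // URL context first (percent-encoding), then HTML attribute encoding.
    $next = '?' . http_build_query(['query' => $q, 'page' => $page]);
    return '<form><input type="text" name="query" value="' . h($q) . '"></form>' . "\n"
         . '<p>Results for: ' . h($q) . '</p>' . "\n"
         . '<a href="' . h($next) . '">Next page</a>' . "\n";
}

// Falls back to a constructed sample value (markup plus a quote character)
// when no request parameter is present, so the script also runs from the CLI.
$q = clean_query($_GET['query'] ?? '"><i>search term</i>');

header('Content-Type: text/html; charset=UTF-8');
echo render_safe($q);
```

With the sample value, the hardened output shows the markup as literal text (`&quot;&gt;&lt;i&gt;...`) instead of rendering it, while `render_unsafe()` would return it unchanged.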



Copyright (c) 2006 Pridels Sec Crew