by r0t,der4444,cembo,VietMafia

Monday, December 05, 2005

KeyWord Frequency Counter v1.0 XSS vuln.

Vuln. discovered by: r0t
Date: 5 Dec. 2005
Affected version: 1.0 and prior

Product Description:

A free script that analyzes the word structure of any page on your website and lets you compare it with your competitors.
Written in: Perl for Unix

Vuln. Description:

KeyWord Frequency Counter contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the remote URL when it is submitted to the index.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


Edit the source code to ensure that input is properly sanitised.
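
One way to apply this fix, shown as an added example rather than the product's own code: validate the submitted URL against an allowlist and HTML-escape every value before it is written back into the page. The function names are hypothetical, the sample inputs are constructed, and the page does not show how index.cgi actually reads the URL.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape the five HTML-significant characters before reflecting any value.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Accept only absolute http(s) URLs built from a conservative character set.
# Returns the URL if acceptable, undef (in scalar context) otherwise.
sub validate_url {
    my ($url) = @_;
    return unless defined $url && length($url) <= 2048;
    return unless $url =~ m{\A https?:// [A-Za-z0-9.-]+ (?: :\d{1,5} )?
                            (?: / [A-Za-z0-9._~%/?&=+:;,\@-]* )? \z}x;
    return $url;
}

# Build the result fragment (hypothetical helper): rejected input is never
# echoed back, and accepted input is still escaped on output.
sub render_result {
    my ($raw) = @_;
    my $url = validate_url($raw);
    return '<p>Invalid URL.</p>' unless defined $url;
    return '<p>Analysing: ' . html_escape($url) . '</p>';
}

# Constructed sample inputs: one legitimate URL, one carrying markup,
# one using a non-http scheme.
for my $in ('http://example.com/page.html?a=1&b=2',
            'http://example.com/"><script>alert(1)</script>',
            'javascript:alert(1)') {
    print render_result($in), "\n";
}
```

Validation and output escaping are separate controls: the allowlist rejects malformed input, while escaping protects the page even for values that pass validation, such as the `&` in a legitimate query string.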


Anonymous Anonymous told...

What do you mean by "remote URL" - the referer? A URL argument to index.cgi?

6:17 AM



Copyright (c) 2006 Pridels Sec Crew