by r0t,der4444,cembo,VietMafia

Monday, December 05, 2005

KeyWord Frequency Counter v1.0 XSS vuln.

Vuln. discovered by: r0t
Date: 5 Dec. 2005
Vendor: http://www.web4future.com/free/wordcount.htm
Affected version: 1.0 and prior


Product Description:

KeyWord Frequency Counter is a free script that analyzes the word structure of any page on your website and lets you compare it with your competitors.
Written in: Perl for Unix

Vuln. Description:

KeyWord Frequency Counter contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the remote URL upon submission to the index.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution:

Edit the source code to ensure that input is properly sanitised.
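
One way to apply this fix, as an added example that is not the vendor's code or part of the original advisory: the submitted value is checked against an http/https allow-list and HTML-encoded before it is written into the page. The function names and the way the value reaches `render_result` are assumptions, since the advisory does not show index.cgi's source or name the parameter.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Encode the characters that are significant in HTML text and attribute values.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Allow-list check: absolute http/https URL, plain host name, optional port,
# and no whitespace, control characters, quotes or angle brackets.
sub is_valid_url {
    my ($u) = @_;
    return 0 unless defined $u && length($u) <= 2048;
    return $u =~ m{\A https?:// [A-Za-z0-9.-]+ (?: : \d{1,5} )?
                   (?: [/?] [^\s<>"'\x00-\x1f\x7f]* )? \z}x ? 1 : 0;
}

# Build the HTML fragment that reports on the submitted URL (hypothetical helper).
# Rejected input is never echoed back; accepted input is encoded on output.
sub render_result {
    my ($submitted) = @_;
    return '<p>Please enter a valid http:// or https:// URL.</p>'
        unless is_valid_url($submitted);
    my $safe = html_escape($submitted);
    return qq{<p>Keyword report for <a href="$safe">$safe</a></p>};
}

# Constructed sample inputs: one ordinary URL and two that must be rejected.
for my $in ('http://www.example.com/page.html?a=1&b=2',
            'http://www.example.com/"><script>alert(1)</script>',
            'javascript:alert(1)') {
    print render_result($in), "\n";
}
```

Validation alone is not enough: the accepted URL still contains `&`, so the output encoding step is what keeps it well-formed and inert in both the attribute and the text context.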

1 Comments:

Anonymous Anonymous told...

what do you mean by "remote URL" - the referer? a URL argument to index.cgi?

6:17 AM

Copyright (c) 2006 Pridels Sec Crew