[26113] in bugtraq
XSS Hole in Fluid Dynamics search Engine
daemon@ATHENA.MIT.EDU (VALDEUX@aol.com)
Wed Jul 10 18:59:33 2002
Date: Wed, 10 Jul 2002 11:48:09 EDT
From: VALDEUX@aol.com
To: <scripts@nickname.net>, <contact@securitybugware.org>,
<bugtraq@securityfocus.com>, <valdeux@aol.com>
Content-Language: fr
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-ID: <19d.4fbb9c1.2a5db139@aol.com>
Name : FD Search Engine
Vendor : Fluid Dynamics - http://www.xav.com
Version : Probably all
Demo : http://www.xav.com/search.pl
Note : Sorry for my poor english ...
-------------------------------------
PROBLEM
For a multiple result pages search, the script uses the variable Rank wich
contains current result number.
Anything could be written into, including HTML tags.
EXEMPLE
http://www.xav.com/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&
Rank=<br><h1>XSS</h1>
Note : it works because "test" returns several pages.
SOLUTION
None yet.
