lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 10 Nov 2010 23:28:11 +0100
From: Christian Sciberras <uuf6429@...il.com>
To: MustLive <mustlive@...security.com.ua>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Vulnerability in Google AJAX Search

Let me get this straight....the vulnerability was in some sample code (if
so, you ought to check out the PHP manual)?

Just asking...

Chris.





2010/11/10 MustLive <mustlive@...security.com.ua>

> Hello Full-Disclosure!
>
> I want to warn you about Cross-Site Scripting vulnerability in Google AJAX
> Search.
>
> In 2007 I already wrote about vulnerability in Google Custom Search Engine
> (http://websecurity.com.ua/1050/) - CVE-2007-3484
> (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3484), and this
> is
> new vulnerability related to Google Custom Search Engine, because AJAX
> Search is one variant of CSE.
>
> -------------------------
> Affected products:
> -------------------------
>
> Potentially vulnerable are all sites and web applications which are using
> Google AJAX Search. Particularly those ones which used AJAX Search before
> 25th of June, 2010, when Google agreed with me and changed documentation of
> AJAX Search to prevent incorrect use of their application.
>
> ----------
> Details:
> ----------
>
> XSS (WASC-08):
>
> http://site/search/?parameter=’;alert(document.cookie);//
>
> This is DOM Based XSS.
>
> For example, in IB Pro CMS (SecurityVulns ID: 11131), where Google AJAX
> Search is using, the next request is used for attack:
>
> http://site/search/?qs=’;alert(document.cookie);//
>
> Besides system IB Promotion Advanced Business Web Suite (IB Pro CMS) and
> sites on it, which contain this vulnerability in Google AJAX Search, such
> vulnerability also took place in other web application. As I found in
> September, Search Api Ajax Google (searchajaxgoogle) extension for TYPO3
> CMS
> is vulnerable for Cross-Site Scripting
> (http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-003/).
>
> ------------
> Timeline:
> ------------
>
> 2010.06.22 - announced at my site.
> 2010.06.23 - informed developers. First they tried to decline, but later
> they agreed with me.
> 2010.06.25 - Google agreed with me and changed documentation of AJAX
> Search.
> 2010.11.10 - disclosed at my site.
>
> I mentioned about this vulnerability at my site
> (http://websecurity.com.ua/4309/).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ