lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <305401c39294$77a6c8a0$0f0aa8c0@x2>
From: sintraq at sintelli.com (Sintelli SINTRAQ)
Subject: Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine

Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
09 October 2003

PDF version: http://www.sintelli.com/adv/sa-2003-02-zoomsearch.pdf

Background
Zoom is a package that adds search facilities to your website and produces
fast search results by indexing your website in advance. Unlike other
solutions relying on server-side software, Zoom allows you to do this from
the convenience of your own Windows computer.

More information about the product is available here:
http://www.wrensoft.com/zoom/index.html

Description
The Zoom Search engine does not properly filter user supplied input when
displaying the search results. This issue allows remote attacker to inject
malicious code in the target system. All the code will be executed within
the context of the website.  An example of such an attack is

http://www.victim.com/search.php?zoom_query=<script>alert("hello")</script><script>alert("hello")</script>

In order for the attack to work a user must click on one of these specially
crafted URLs, which can be sent by email to the user, or by the using
clicking on a link.

Impact
It is possible for an attacker to retrieve information from a user's system.

Versions affected
Version 2.0 - Build: 1018 (Earlier builds may be vulnerable)

Solution
Upgrade to Build 1019. This can be downloaded from
http://www.wrensoft.com/ftp/zoomsearch.exe


Vulnerability History
30 Sep 2003             Identified by Ezhilan of Sintelli
01 Oct 2003             Issue disclosed to Wrensoft
02 Oct 2003             Second notification to Wrensoft
02 Oct 2003             Vulnerability confirmed by Raymond Leung of
Wrensoft.
08 Oct 2003             Sintelli informed of fix Wrensoft
08 Oct 2003             Sintelli confirms vulnerability has been addressed
08 Oct 2003             Build 1019 available
09 Oct 2003             Sintelli Public Disclosure

Credit
Ezhilan of Sintelli discovered this vulnerability.

About Sintelli:
Sintelli is the world's largest provider of security intelligence solutions.
Sintelli is the definitive source for IT Security intelligence and is a
provider of third generation intelligence security solutions.

Request a free trial of our alerting solution by clicking here
http://www.sintelli.com/free-trial.htm

Copyright 2003 Sintelli Limited.  All rights reserved. www.sintelli.com



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ