lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20031016174743.78112.qmail@web41505.mail.yahoo.com>
From: illectro2001 at yahoo.com (Chris Sharp)
Subject: Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine

Looks like it also affects the asp pages too

search.asp?query=<script>alert(document.cookie)</script>

Chris

--- Sintelli SINTRAQ <sintraq@...telli.com> wrote:
> Cross-Site Scripting Vulnerability in Wrensoft Zoom
> Search Engine
> 09 October 2003
> 
> PDF version:
>
http://www.sintelli.com/adv/sa-2003-02-zoomsearch.pdf
> 
> Background
> Zoom is a package that adds search facilities to
> your website and produces
> fast search results by indexing your website in
> advance. Unlike other
> solutions relying on server-side software, Zoom
> allows you to do this from
> the convenience of your own Windows computer.
> 
> More information about the product is available
> here:
> http://www.wrensoft.com/zoom/index.html
> 
> Description
> The Zoom Search engine does not properly filter user
> supplied input when
> displaying the search results. This issue allows
> remote attacker to inject
> malicious code in the target system. All the code
> will be executed within
> the context of the website.  An example of such an
> attack is
> 
>
http://www.victim.com/search.php?zoom_query=<script>alert("hello")</script><script>alert("hello")</script>
> 
> In order for the attack to work a user must click on
> one of these specially
> crafted URLs, which can be sent by email to the
> user, or by the using
> clicking on a link.
> 
> Impact
> It is possible for an attacker to retrieve
> information from a user's system.
> 
> Versions affected
> Version 2.0 - Build: 1018 (Earlier builds may be
> vulnerable)
> 
> Solution
> Upgrade to Build 1019. This can be downloaded from
> http://www.wrensoft.com/ftp/zoomsearch.exe
> 
> 
> Vulnerability History
> 30 Sep 2003             Identified by Ezhilan of
> Sintelli
> 01 Oct 2003             Issue disclosed to Wrensoft
> 02 Oct 2003             Second notification to
> Wrensoft
> 02 Oct 2003             Vulnerability confirmed by
> Raymond Leung of
> Wrensoft.
> 08 Oct 2003             Sintelli informed of fix
> Wrensoft
> 08 Oct 2003             Sintelli confirms
> vulnerability has been addressed
> 08 Oct 2003             Build 1019 available
> 09 Oct 2003             Sintelli Public Disclosure
> 
> Credit
> Ezhilan of Sintelli discovered this vulnerability.
> 
> About Sintelli:
> Sintelli is the world's largest provider of security
> intelligence solutions.
> Sintelli is the definitive source for IT Security
> intelligence and is a
> provider of third generation intelligence security
> solutions.
> 
> Request a free trial of our alerting solution by
> clicking here
> http://www.sintelli.com/free-trial.htm
> 
> Copyright 2003 Sintelli Limited.  All rights
> reserved. www.sintelli.com
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html


__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ