Radical Technologies - Portal Search- multiple XSS issue

2007.02.17
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

Site : Raditech.es Product : Portal Search (May be others) Portal Search is a product that can help to search in one or multiple Web sites. http://www.raditech.es/esp/servicios/portal-search.shtml This product can SEARCH and INDEX the contents of a entire web site,additionally this product doesn't validate user input. So these types of attacks are possible. -URL redirection (So Phising attacks can be easy) -Cross Site Scripting -Business Logic can be revealed trough Searching some type of characters -Some Others -URL redirection http://target/?http://www.hackersite.com and the hacker site is displayed in the main FRAME of www.somesite.com -Cross Site Scripting http://target/buscador/buscador.htm?%3CIFRAME%20SRC=%22javascript:alert( 'XSS');%22%3E%3C/IFRAME%3E The result of this URL is that all the records are displayed. -Business Logic can be revealed trough Searching some type of characters. http://target/buscador/buscador.htm? Thanks and sorry by my English Regards Pedro Alexander Garcia claxus (at) gmail (dot) com [email concealed] Colombia 2007


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top