RevenuePilot Search Engine XSS vuln.
Vuln. discovered by: r0t
Date: 28 Nov. 2005
Original advisory: http://pridels.blogspot.com/2005/11/revenuepilot-search-engine-xss-vuln.html
Vendor: http://www.wwwsearchsolutions.com/revenuepilot.php
Affected version: v1.2.0 and prior
Product Description:
With this script you can be running your own pay per click site in
just a few minutes. Best of all it's FREE! RevenuePilot Search Engine
is one of the best ways to make use of RevenuePilot's pay per click search
engine affiliate program. RevenuePilot Search Engine only takes a
minute to configure, just enter your RevenuePilot affiliate ID and
site title, upload your files and you are up and running.
Vuln. description:
Input passed to the search parameters when performing a search isn't
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in the context of an affected site.
Solution:
Edit the source code to ensure that input is properly sanitised.
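
The advisory does not show the product's source, so the following is an added illustration, not RevenuePilot code: a hypothetical search-results renderer that reflects the search term unencoded, beside a version that encodes it for each output context (HTML text, attribute value, link URL). The parameter names `q` and `page` and the `/search` path are assumptions.

```python
import html
from urllib.parse import quote

MAX_QUERY_LEN = 200  # assumed limit; keeps oversized input from being reflected


def render_results_unsafe(query: str, page: int = 1) -> str:
    """The flaw the advisory describes: the search term is returned as-is."""
    return (
        f"<h1>Results for {query}</h1>\n"
        f'<input type="text" name="q" value="{query}">\n'
        f'<a href="/search?q={query}&page={page + 1}">Next page</a>\n'
    )


def render_results(query: str, page: int = 1) -> str:
    """Same page, with the search term encoded for every place it appears."""
    query = query[:MAX_QUERY_LEN]
    # HTML text and attribute contexts: escape & < > " '
    q_html = html.escape(query, quote=True)
    # URL context: percent-encode the value, then HTML-escape the finished
    # URL because it is itself placed inside an href attribute.
    next_url = html.escape(
        f"/search?q={quote(query, safe='')}&page={page + 1}", quote=True
    )
    return (
        f"<h1>Results for {q_html}</h1>\n"
        f'<input type="text" name="q" value="{q_html}">\n'
        f'<a href="{next_url}">Next page</a>\n'
    )


if __name__ == "__main__":
    # Constructed sample inputs: one ordinary search, one containing markup.
    for sample in ["cheap flights & hotels", '"><script>alert(1)</script>']:
        print(render_results(sample))
```

Encoding at the point of output, per context, is what keeps the attribute and link cases safe; stripping tags from the input alone would still leave the quote character able to break out of the `value` attribute.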