[Kil13r-SA-20060701-1] Ahnlab Search Cross-Site Scripting Vulnerability

mac68k Fri, 30 Jun 2006 11:18:36 -0700

Title:

[Kil13r-SA-20060701-1] Ahnlab Search Cross-Site Scripting Vulnerability



Author:

Kil13r - http://www.kil13r.info/


Local / Remote:

Remote


Timeline:

2006/06/28 - Discovery

2006/06/28 - Vendor notification

2006/06/30 - Vendor notification

2006/06/30 - Vendor response

2006/07/01 - Release


Affected version:


Not affected version:


Description:

Ahnlab is antivirus software and security solutions provider site, but that has 
vulnerability.

It can run arbitrary Javascript code by end user in search engine.


If victim execute arbitrary Javascript code, attacker can steal victim's cookie.


Proof of Concept code:

None


Proof of Concept example:

None


Proof of Concept screenshot:

http://www.kil13r.info/sa/xss/ahnlabxss.jpg


-

The Bird of Hermes is my name,

Eating my wings to make me tame.

[Kil13r-SA-20060701-1] Ahnlab Search Cross-Site Scripting Vulnerability

Reply via email to