Looks like it also affects the ASP pages too:

search.asp?query=<script>alert(document.cookie)</script>

Chris

--- Sintelli SINTRAQ <[EMAIL PROTECTED]> wrote:
> Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
> 09 October 2003
>
> PDF version:
> http://www.sintelli.com/adv/sa-2003-02-zoomsearch.pdf
>
> Background
> Zoom is a package that adds search facilities to your website and produces
> fast search results by indexing your website in advance. Unlike other
> solutions relying on server-side software, Zoom allows you to do this from
> the convenience of your own Windows computer.
>
> More information about the product is available here:
> http://www.wrensoft.com/zoom/index.html
>
> Description
> The Zoom Search engine does not properly filter user supplied input when
> displaying the search results. This issue allows a remote attacker to inject
> malicious code in the target system. All the code will be executed within
> the context of the website. An example of such an attack is
>
> http://www.victim.com/search.php?zoom_query=<script>alert("hello")</script><script>alert("hello")</script>
>
> In order for the attack to work a user must click on one of these specially
> crafted URLs, which can be sent by email to the user, or by the user
> clicking on a link.
>
> Impact
> It is possible for an attacker to retrieve information from a user's system.
>
> Versions affected
> Version 2.0 - Build: 1018 (Earlier builds may be vulnerable)
>
> Solution
> Upgrade to Build 1019. This can be downloaded from
> http://www.wrensoft.com/ftp/zoomsearch.exe
>
> Vulnerability History
> 30 Sep 2003  Identified by Ezhilan of Sintelli
> 01 Oct 2003  Issue disclosed to Wrensoft
> 02 Oct 2003  Second notification to Wrensoft
> 02 Oct 2003  Vulnerability confirmed by Raymond Leung of Wrensoft.
> 08 Oct 2003  Sintelli informed of fix Wrensoft
> 08 Oct 2003  Sintelli confirms vulnerability has been addressed
> 08 Oct 2003  Build 1019 available
> 09 Oct 2003  Sintelli Public Disclosure
>
> Credit
> Ezhilan of Sintelli discovered this vulnerability.
>
> About Sintelli:
> Sintelli is the world's largest provider of security intelligence solutions.
> Sintelli is the definitive source for IT Security intelligence and is a
> provider of third generation intelligence security solutions.
>
> Request a free trial of our alerting solution by clicking here
> http://www.sintelli.com/free-trial.htm
>
> Copyright 2003 Sintelli Limited. All rights reserved. www.sintelli.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
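
Added example (not part of the original messages and not Wrensoft's code): a constructed search results page that echoes the zoom_query value, first unencoded as the advisory describes and then with encoding matched to each output context. The function names, page layout and sample hit are assumptions.

```php
<?php
// Constructed example; function names and page layout are hypothetical.

// Unencoded form: the query is concatenated into HTML as-is, so markup
// carried in the parameter becomes part of the page.
function render_results_unsafe(string $query, array $hits): string
{
    $html  = "<h1>Search results for: $query</h1>\n";
    $html .= "<form><input name=\"zoom_query\" value=\"$query\"></form>\n";
    foreach ($hits as $hit) {
        $html .= "<p>{$hit['title']}</p>\n";
    }
    $html .= "<a href=\"search.php?zoom_query=$query&page=2\">Next</a>\n";
    return $html;
}

// HTML text and quoted-attribute contexts: encode < > & " and '.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: every dynamic value is encoded for the context it lands in.
function render_results_safe(string $query, array $hits): string
{
    $html  = '<h1>Search results for: ' . h($query) . "</h1>\n";
    $html .= '<form><input name="zoom_query" value="' . h($query) . "\"></form>\n";
    foreach ($hits as $hit) {
        // Indexed page titles are untrusted too, not only the query.
        $html .= '<p>' . h($hit['title']) . "</p>\n";
    }
    // URL context: percent-encode the value, then HTML-encode the attribute.
    $next  = 'search.php?zoom_query=' . rawurlencode($query) . '&page=2';
    $html .= '<a href="' . h($next) . "\">Next</a>\n";
    return $html;
}

// Constructed input: the proof-of-concept value quoted in the advisory.
$query = '<script>alert("hello")</script>';
$hits  = [['title' => 'Zoom & indexing <overview>']];

// Regression check: a raw tag must not survive in the hardened output.
if (strpos(render_results_safe($query, $hits), '<script') !== false) {
    fwrite(STDERR, "query reflected without encoding\n");
    exit(1);
}
echo render_results_safe($query, $hits);
```

The same check can be kept as a regression test for both the PHP and ASP variants of a search page, since the reply above reports the ASP script reflecting its query parameter as well.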
