Bugtraq mailing list archives
XSS Hole in Fluid Dynamics search Engine
From: VALDEUX () aol com
Date: Wed, 10 Jul 2002 11:48:09 EDT
Name : FD Search Engine
Vendor : Fluid Dynamics - http://www.xav.com
Version : Probably all
Demo : http://www.xav.com/search.pl
Note : Sorry for my poor English ...

-------------------------------------

PROBLEM

For a multiple result pages search, the script uses the variable Rank which contains current result number. Anything could be written into, including HTML tags.

EXAMPLE

http://www.xav.com/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&Rank=<br><h1>XSS</h1>

Note : it works because "test" returns several pages.

SOLUTION

None yet.
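The following is an added example, not part of the original post and not the vendor's code: a Python sketch of a results pager that reflects Rank unchanged, next to a version that accepts Rank only as an in-range integer and encodes every reflected value. The function names, the `total_hits` argument and the place where Rank is echoed are assumptions made for illustration; the hardened version also encodes Terms, which goes slightly beyond the single parameter named in the report.

```python
import html
from urllib.parse import parse_qs, urlencode

# Query string from the report above (host and script path omitted).
REPORTED_QS = "Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&Rank=<br><h1>XSS</h1>"


def render_pager_vulnerable(query_string: str) -> str:
    """Hypothetical pager that copies Rank into the page unchanged."""
    params = parse_qs(query_string, keep_blank_values=True)
    rank = params.get("Rank", ["1"])[0]
    return f"<p>Results starting at {rank}</p>"


def parse_bounded_int(raw: str, upper: int) -> int:
    """Accept only an ASCII decimal number in 1..upper; anything else becomes 1."""
    if raw.isascii() and raw.isdigit() and len(raw) <= 9:
        value = int(raw)
        if 1 <= value <= upper:
            return value
    return 1


def render_pager_hardened(query_string: str, total_hits: int) -> str:
    """Validate Rank as a result number, then encode output for its context."""
    params = parse_qs(query_string, keep_blank_values=True)
    rank = parse_bounded_int(params.get("Rank", ["1"])[0], total_hits)
    maxhits = parse_bounded_int(params.get("maxhits", ["10"])[0], 100)
    terms = params.get("Terms", [""])[0]
    next_rank = min(rank + maxhits, total_hits)
    # URL-encode values for the query string, then HTML-escape the whole
    # link for the attribute it is written into.
    next_qs = urlencode({"Terms": terms, "maxhits": maxhits, "Rank": next_rank})
    href = html.escape("search.pl?" + next_qs, quote=True)
    return (f"<p>Results starting at {rank} for {html.escape(terms)}</p>"
            f'<a href="{href}">Next</a>')


if __name__ == "__main__":
    print(render_pager_vulnerable(REPORTED_QS))
    print(render_pager_hardened(REPORTED_QS, total_hits=42))
```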