Search Unleashed version 0.2.10 suffers from a javascript inject vulnerability that can lead to cross site scripting.
095cb94e4cb81ec22f10734eb2b0ed187bd60ed82e5064ca039ef7954df12c99Hello all,
There is a bug in "Log" function of Search Unleashed by John Godley,
version 0.2.10.
This plug-in stores search queries but does not validates stored data
and put them back "raw" to browser.
HTML and Java Script can be injected with search request:
/blog/?s=%3Ctextarea+onmouseover%3D%22alert%28document.cookie%29%3B%22%3E%3C%2Ftextarea%3E&searchbutton=go%21
To execute injected code admin have to go to Manage -> Search
Unleashed -> Log (and in my example point his cursor to text area).
Author was notified by his bug tracker:
http://urbangiraffe.com/tracker/issues/show/60
Regards,
--
Krzysztof Burghardt <krzysztof@burghardt.pl>
http://www.burghardt.pl/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed