Radical Technologies - Portal Search- multiple XSS issue Feb 12 2007 04:38AM
claxus gmail com
Site : Raditech.es
Product : Portal Search (May be others)

Portal Search is a product that can help to search in one or multiple Web sites. http://www.raditech.es/esp/servicios/portal-search.shtml

This product can SEARCH and INDEX the contents of a entire web site,additionally this product doesn't validate user input. So these types of attacks are possible.

-URL redirection (So Phising attacks can be easy)
-Cross Site Scripting
-Business Logic can be revealed trough Searching some type of characters
-Some Others

-URL redirection
and the hacker site is displayed in the main FRAME of www.somesite.com

-Cross Site Scripting
The result of this URL is that all the records are displayed.

-Business Logic can be revealed trough Searching some type of characters.

Thanks and sorry by my English


Pedro Alexander Garcia
claxus (at) gmail (dot) com [email concealed]
Colombia 2007

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus