TUCoPS :: Web :: CMS / Portals :: c07-2305.htm

Radical Technologies - Portal Search- multiple XSS issue
Radical Technologies - Portal Search- multiple XSS issue
Radical Technologies - Portal Search- multiple XSS issue


Site : Raditech.es
Product : Portal Search (May be others)

Portal Search is a product that can help to search in one or multiple Web sites. http://www.raditech.es/esp/servicios/portal-search.shtml 

This product can SEARCH and INDEX the contents of a entire web site,additionally this product doesn't validate user input. So these types of attacks are possible.

-URL redirection (So Phising attacks can be easy)
-Cross Site Scripting
-Business Logic can be revealed trough Searching some type of characters 
-Some Others

-URL redirection 
http://target/?http://www.hackersite.com 
and the hacker site is displayed in the main FRAME of www.somesite.com 

-Cross Site Scripting
http://target/buscador/buscador.htm?%3CIFRAME%20SRC=%22javascript:alert('XSS');%22%3E%3C/IFRAME%3E 
The result of this URL is that all the records are displayed.

-Business Logic can be revealed trough Searching some type of characters.
http://target/buscador/buscador.htm? 

Thanks and sorry by my English

Regards

Pedro Alexander Garcia
claxus@gmail.com 
Colombia 2007

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH