COMMAND

    Fluid Dynamics search engine XSS

SYSTEMS AFFECTED

    Probably all (up to v2.0.0.0055)

PROBLEM

    Valdeux [VALDEUX@aol.com] kindly posted :

    For a multiple result pages search, the script uses the variable Rank
    which contains the current result number. Anything can be written into
    it, including HTML tags.

    Example
    =======

    http://<FD search site>/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&Rank=<br><h1>XSS</h1>

    Note : it works because "test" returns several pages.

SOLUTION

    Zoltan Milosevic patched FDSE, get version 2.0.0.0055
    http://www.xav.com/scripts/search/
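The defect above is a reflected XSS: a numeric paging parameter (Rank) is interpolated into the result page without being validated or escaped. The snippet below is an added illustration of the fix pattern, not the FDSE code (which is Perl): it shows the pre-fix behaviour beside a hardened version that accepts Rank only as a small positive integer and HTML-escapes anything else that is reflected. The function names, the sample URL and the rendered markup are constructed for this example.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed example: a search script that reflects the "Rank" paging
# parameter into its HTML output. Names and markup are hypothetical.

DEFAULT_RANK = 1
# Rank is a result number: accept only a short run of digits, nothing else.
_RANK_RE = re.compile(r"[0-9]{1,6}")


def safe_rank(raw, default=DEFAULT_RANK):
    """Return Rank as an int if it is purely numeric and >= 1, else the default.

    Any value containing markup (or anything non-numeric) never reaches the
    page: it is replaced by the default rather than echoed back.
    """
    if raw is None or not _RANK_RE.fullmatch(raw):
        return default
    value = int(raw)
    return value if value >= 1 else default


def rank_from_query(url):
    """Extract and validate Rank from a full request URL."""
    params = parse_qs(urlsplit(url).query)
    return safe_rank(params.get("Rank", [None])[0])


def render_pager_unsafe(terms, rank_raw):
    # Pre-fix behaviour: the raw parameter is concatenated into the HTML verbatim,
    # so tags supplied in Rank become part of the page.
    return '<p>Result ' + rank_raw + ' for "' + terms + '"</p>'


def render_pager_safe(terms, rank_raw):
    # Hardened: Rank is coerced to an int, and the free-text search terms are
    # HTML-escaped (quote=True also escapes " so they are safe inside attributes).
    rank = safe_rank(rank_raw)
    return '<p>Result %d for "%s"</p>' % (rank, html.escape(terms, quote=True))


if __name__ == "__main__":
    url = "http://example.invalid/search.pl?Realm=All&Terms=test&Rank=12"
    print(rank_from_query(url))
    print(render_pager_unsafe("test", "<br><h1>XSS</h1>"))
    print(render_pager_safe("test", "<br><h1>XSS</h1>"))
```

The same validator doubles as a cheap detection signal on the server side: a Rank value that fails `safe_rank` is by definition not a result number, so logging those requests gives a low-noise indicator of probing against this parameter.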