TUCoPS :: Web :: Apps :: wrenzoom.txt

Wrensoft Zoom Search Engine XSS 

Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
09 October 2003

PDF version: <http://www.sintelli.com/adv/sa-2003-02-zoomsearch.pdf>

Background
Zoom is a package that adds search facilities to your website and produces
fast search results by indexing your website in advance. Unlike other
solutions relying on server-side software, Zoom allows you to do this from
the convenience of your own Windows computer.

More information about the product is available here:
<http://www.wrensoft.com/zoom/index.html>

Description
The Zoom Search engine does not properly filter user supplied input when
displaying the search results. This issue allows remote attacker to inject
malicious code in the target system. All the code will be executed within
the context of the website. An example of such an attack is

http://www.victim.com/search.php?zoom_query=<script>alert("hello")</script><script>alert("hello")</script <http://www.victim.com/search.php?zoom_query=<script>alert(>>

In order for the attack to work a user must click on one of these specially
crafted URLs, which can be sent by email to the user, or by the using
clicking on a link.

Impact
It is possible for an attacker to retrieve information from a user's system.

Versions affected
Version 2.0 - Build: 1018 (Earlier builds may be vulnerable)

Solution
Upgrade to Build 1019. This can be downloaded from
<http://www.wrensoft.com/ftp/zoomsearch.exe>


Vulnerability History
30 Sep 2003 Identified by Ezhilan of Sintelli
01 Oct 2003 Issue disclosed to Wrensoft
02 Oct 2003 Second notification to Wrensoft
02 Oct 2003 Vulnerability confirmed by Raymond Leung of
Wrensoft.
08 Oct 2003 Sintelli informed of fix Wrensoft
08 Oct 2003 Sintelli confirms vulnerability has been addressed
08 Oct 2003 Build 1019 available
09 Oct 2003 Sintelli Public Disclosure

Credit
Ezhilan of Sintelli discovered this vulnerability.

About Sintelli:
Sintelli is the world's largest provider of security intelligence solutions.
Sintelli is the definitive source for IT Security intelligence and is a
provider of third generation intelligence security solutions.

Request a free trial of our alerting solution by clicking here
<http://www.sintelli.com/free-trial.htm>

Copyright 2003 Sintelli Limited. All rights reserved. www.sintelli.com <http://www.sintelli.com>

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH