Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
09 October 2003
PDF version: http://www.sintelli.com/adv/sa-2003-02-zoomsearch.pdf
Background
Zoom is a package that adds search facilities to your website and produces
fast search results by indexing your website in advance. Unlike other
solutions relying on server-side software, Zoom allows you to do this from
the convenience of your own Windows computer.
More information about the product is available here:
http://www.wrensoft.com/zoom/index.html
Description
The Zoom Search engine does not properly filter user supplied input when
displaying the search results. This issue allows remote attacker to inject
malicious code in the target system. All the code will be executed within
the context of the website. An example of such an attack is
http://www.victim.com/search.php?zoom_query=<script>alert("hello")</script><script>alert("hello")</script>
In order for the attack to work a user must click on one of these specially
crafted URLs, which can be sent by email to the user, or by the using
clicking on a link.
Impact
It is possible for an attacker to retrieve information from a user's system.
Versions affected
Version 2.0 - Build: 1018 (Earlier builds may be vulnerable)
Solution
Upgrade to Build 1019. This can be downloaded from
http://www.wrensoft.com/ftp/zoomsearch.exe
Vulnerability History
30 Sep 2003 Identified by Ezhilan of Sintelli
01 Oct 2003 Issue disclosed to Wrensoft
02 Oct 2003 Second notification to Wrensoft
02 Oct 2003 Vulnerability confirmed by Raymond Leung of
Wrensoft.
08 Oct 2003 Sintelli informed of fix Wrensoft
08 Oct 2003 Sintelli confirms vulnerability has been addressed
08 Oct 2003 Build 1019 available
09 Oct 2003 Sintelli Public Disclosure
Credit
Ezhilan of Sintelli discovered this vulnerability.
About Sintelli:
Sintelli is the world's largest provider of security intelligence solutions.
Sintelli is the definitive source for IT Security intelligence and is a
provider of third generation intelligence security solutions.
Request a free trial of our alerting solution by clicking here
http://www.sintelli.com/free-trial.htm
Copyright 2003 Sintelli Limited. All rights reserved. www.sintelli.com