|
|
| |
| Zoom is "the easiest and most straight forward way to add a powerful custom search engine to your website". A vulnerability in the product allows remote attackers to cause to product to return arbitrary HTML and/or JavaScript. |
| |
Credit:
The information has been provided by Ezhilan of Sintelli SINTRAQ.
|
| |
Vulnerable systems:
* Zoom version 2.0 - Build: 1018
The Zoom Search engine does not properly filter user-supplied input when displaying the search results. This issue allows remote attacker to inject malicious code in the target system. All the code will be executed within the context of the website. An example of such an attack is
http://www.victim.com/search.php?zoom_query=< script>alert("hello")</script>< script>alert("hello")</script>
In order for the attack to work, a user must click on one of these specially crafted URLs, which can be sent by email to the user, or by the using clicking on a link.
Impact:
It is possible for an attacker to retrieve information from a user's system.
Solution:
Upgrade to Build 1019. This can be downloaded from http://www.wrensoft.com/ftp/zoomsearch.exe.
Vulnerability History:
30 Sep 2003 Identified by Ezhilan of Sintelli
01 Oct 2003 Issue disclosed to Wrensoft
02 Oct 2003 Second notification to Wrensoft
02 Oct 2003 Vulnerability confirmed by Raymond Leung of Wrensoft.
08 Oct 2003 Sintelli informed of fix Wrensoft
08 Oct 2003 Sintelli confirms vulnerability has been addressed
08 Oct 2003 Build 1019 available
09 Oct 2003 Sintelli Public Disclosure
|
|
|
|
|
