XSS Hole in Fluid Dynamics search Engine

Name :      FD Search Engine
Vendor :    Fluid Dynamics - http://www.xav.com
Version :   Probably all
Demo :      http://www.xav.com/search.pl

Note :  Sorry for my poor English ...
-------------------------------------



PROBLEM
    For a search that returns multiple result pages, the script uses the
variable Rank, which contains the current result number.
    Anything can be written into it, including HTML tags.


EXAMPLE
    http://www.xav.com/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&Rank=<br><h1>XSS</h1>
Note : it works because "test" returns several pages.

SOLUTION
    None yet.
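
Added example, not part of the original advisory and not the vendor's code: one way a Perl CGI script can treat a paging parameter such as Rank, by accepting only digits on input and escaping everything written back into the page. It assumes the script reflects Rank into its paging links; the helper names and sample values are hypothetical.

```perl
#!/usr/bin/perl
# Added illustration; not code from FD Search Engine. Helper names are hypothetical.
use strict;
use warnings;

# Escape the five characters that matter in HTML text and attribute values.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Rank is a result offset, so accept only a short run of digits;
# anything else (including markup) falls back to the first result.
sub parse_rank {
    my ($raw) = @_;
    return 1 unless defined $raw && $raw =~ /\A([0-9]{1,6})\z/;
    return $1 > 0 ? $1 + 0 : 1;
}

# Percent-encode free text for use in a query string (byte strings assumed).
sub url_encode {
    my ($s) = @_;
    $s =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord($1))/ge;
    return $s;
}

# Build the "next page" link: the validated number goes into the URL,
# and the whole href is HTML-escaped before it is placed in the attribute.
sub next_page_link {
    my ($terms, $raw_rank, $maxhits) = @_;
    my $rank = parse_rank($raw_rank) + $maxhits;
    my $href = 'search.pl?Terms=' . url_encode($terms) . "&Rank=$rank";
    return '<a href="' . html_escape($href) . '">Next</a>';
}

# Constructed inputs: a normal value and the markup from the advisory.
for my $raw ('11', '<br><h1>XSS</h1>') {
    printf "%-34s -> %s\n", html_escape($raw), next_page_link('test', $raw, 10);
}
```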



