search engine
-=[--------------------ADVISORY-------------------]=-
Mobile Mp3 Search Engine 2.0
Author: Corrado Liotta Aka CorryL [corryl80@gmail.com]
-=[-----------------------------------------------]=-
-=[+] Application: Mobile Mp3 Search Engine
-=[+] Version: 2.0
Source: Christian Holler <http://users.own-hero.net/~decoder/>
Systems Affected:
Sphider 1.3.4 (http://www.sphider.eu/) - A PHP Search Engine
Severity: Moderate
Overview:
SecurityVulns Issue: http://securityvulns.com/news/Microsoft/IE/saved-css.html
Additional Information (in Ukrainian): http://websecurity.com.ua/1241/
Original message (in Russian): http://securityvulns.ru/Rdocument865.html
3. MustLive reports a cross-site scripting vulnerability in Search Engine
Builder.
Request
http://site/search/search.html?searWords=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://ruder.cdut.net
Summary:
Baidu Soba is a popular browser toolbar developed by Baidu, a Chinese web search engine company like Google. More information can be found at:
http://www.baidu.com
http://bar.baidu.com/sobar/promotion.html
There exists a remote code execution vulnerability in Baidu Soba's ActiveX Control "BaiduBar.dll". A remote attacker who successfully exploits these vulnerabilities can take complete control of the affected system.
Hello Bugtraq!
I want to warn you about a Cross-Site Scripting vulnerability in Google AJAX
Search.
In 2007 I already wrote about a vulnerability in Google Custom Search Engine
(http://websecurity.com.ua/1050/) - CVE-2007-3484
(http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3484), and this is
a new vulnerability related to Google Custom Search Engine, because AJAX
Search is one variant of CSE.
################
What is Wowd?
################
Wowd is a real-time search engine for discovering
what's popular on the web right now.
In essence, the company has made a peer-to-peer
search engine powered by what other Wowd users
are looking at online rather than studying and
etc.
5. Click Print. When the PDF writer asks for a filename, provide any name.
6. Open the generated pdf in notepad, and search for "file://" without
quotes.
Search for this on your favorite search engine (Google/Bing)
------------------------------------------------------------
filetype:pdf file c (htm OR html OR mhtml)
Google Search 1 (for drive C)
[http://www.google.com/search?hl=en&q=filetype%3Apdf+file+c+%28htm+OR+html+O
page, access stats page with counter, user customizable box, themes
manager for registered users, friendly administration GUI with graphic
topic manager, option to edit or delete stories, option to delete
comments, moderation system, Referrers page to know who link us,
sections manager, customizable HTML blocks, user and authors edit, an
integrated Banners Ads system, search engine, backend/headlines
generation (RSS/RDF format), and many, many more friendly functions.
3. VULNERABILITY DESCRIPTION
CVE-2010-1614
Multiple cross-site scripting (XSS) vulnerabilities allow
remote attackers to inject arbitrary web script or HTML via
vectors related to (1) the Login-As feature or (2) when the
global search feature is enabled, unspecified global search
forms in the Global Search Engine.
CVE-2010-1615
Multiple SQL injection vulnerabilities allow remote attackers
to execute arbitrary SQL commands via vectors related to (1)
the add_to_log function in mod/wiki/view.php in the wiki
* Operating Systems
* Career and Management topics
* Mobile Devices/Embedded Systems
* Information Security Audit and Control
* Social Networking and Search Engine Hacks & Threats
* Information Security Policies
* Privacy
* Messing with Network Protocols
* Security from layer 1 through 7
* 802.11 Wireless and any RF related stuff for that matter
11 November 2007 -- Advisory Released
What is Eggblog
------------------------
eggblog is a free PHP & MySQL blogging package. Features include an internal search engine,
photo albums, forums, plug-ins, guest comments to blog articles, automatic monthly archiving
of blog articles and RSS XML feeds for both the blog and forums.
I discovered the security holes when I was testing it for my personal web blog.
Hi
The LDAP garbage dump that remains on web server results in information
disclosure. Security of LDAP may be compromised, if for instance a search
engine crawls through untamed directories on the web server and finds
information through the ldap.xml file. This type of harvesting attack is
also termed “static information leveraging attack.” This article
provides methods for dealing with
> to classify as an unlawful act, it is usually harmful to the site owner and
> possibly to the site users. Apart from using valuable resources, such an
> automated access may breach the site's usage license of public information
> and might also indicate unlawful activity such as using a botnet. Many times
> it is hard to know if such a blast of requests is a denial of service
> attack, brute force password cracking or just a search engine crawler.
>
> Going forward we are going to add such incidents to WHID if there is a
> reason to believe that they are not friendly, even if the actual goal of the
> attack cannot be easily classified. The Facebook case at hand is a perfect
> example: while the details are not clear, the fact that Facebook filed a law
Slightly affected:
Mozilla Thunderbird Version 2.0.14 (20080421)
Not vulnerable:
Avira Antivir Search engine: v8.01.01.11, 17.07.2008
Mutt
Courier
== Correct handling of overly complex messages ==
There exist examples of software, which excellently handles overly complex
>
>Slightly affected:
>Mozilla Thunderbird Version 2.0.14 (20080421)
>
>Not vulnerable:
>Avira Antivir Search engine: v8.01.01.11, 17.07.2008
>Mutt
>Courier
Turnpike is also not vulnerable. Multikill is displayed correctly &
Nesty is partially displayed, after a warning that the message is too
brlc> Slightly affected:
brlc> Mozilla Thunderbird Version 2.0.14 (20080421)
brlc> Not vulnerable:
brlc> Avira Antivir Search engine: v8.01.01.11, 17.07.2008
brlc> Mutt
brlc> Courier
brlc> == Correct handling of overly complex messages ==
brlc> There exist examples of software, which excellently handles overly complex
version : <= 3.0
Vendor : http://www.dboorn.com/estate/
Description :
Elegant real estate script that allows for unlimited listings and agents with featured listings,
unlimited photos, advanced search engine, user login option, user tracking, dynamic slide shows,
Mls/Idx support, multiple agents with photo, mortgage calculator, schools info, C.M.A.
request form, full admin panel. Requires PHP/Mysql Windows Server or any Web server with php support.
---------------------------------------------------------------------------
Vendor description:
-------------------
Sitecore CMS makes it effortless to create content and experience rich
websites that help you achieve your business goals such as increasing
sales and search engine visibility, while being straight-forward to
integrate and administer. Sitecore lets you deliver sites that are
highly scalable, robust and secure. Whether you're focused on
marketing, development and design, or providing site content, Sitecore
delivers for you.
VENDOR'S RESPONSE & RECOMMENDED FIX:
The vendor published a patch in February 2012 that is supposed to add the
ability of the engine to inspect Office XML formats.
The recommended fix according to vendor is to apply the patch (version 5.6
Build 2354) and make the appropriate changes to the search engine, that relates
to XML/HTML capabilities.
DISCOVERED BY:
Moshe Zioni, Senior Information Security Consultant @ Comsec Global Consulting
http://www.victim.com/cart_save.php?operation=save&rnd=&rp=products.php&cart_name=<html><script>alert("VULN");</script></html>
http://www.victim.com/cart_save.php?operation=save&rnd=&rp=products.php&cart_name=<html><script>window.location="http://malicious-site.com";</script></html>
Then when the user visits "My Saved Carts" at
http://victim.com/user_carts.php the code is executed:
Example 1 would give a link to the Google search engine.
Example 2 would give a javascript alert popup displaying "VULN".
Example 3 would send the user to a malicious site.
Note: manuals_search.php is also vulnerable to the same
HTML/Javascript vulnerability that allows for arbitrary code to
Introduction:
=============
Start your own Flash web game website. Search engine optimized. Embed your Adsense etc code. 5 star AJAX rating system.
True full-screen toggle for the players. Unlimited category organization. Quick and easy to add games! This game site is easy
enough that inexperienced users will be able to create their game site from start to finish (just install and add content
using the visual editor and without knowing any HTML). Yet powerful and customizable enough that experienced
webmasters and programmers will appreciate both time saved and streamlined organization features which will make
management of their game site easy down the road.