The CyberKendra Search Bar script suffered from a cross site scripting vulnerability.
4a5361a17f69d745e0fb5aa52190ed508bceb7f198b3fd490a70d9e77ed8a4eb[RHA InfoSec] CyberKendra Search Bar Script DOM Based XSS Vulnerability
Details
=============
Risk: Moderated
Vendor-URL: http://www.cyberkendra.com/
Credits
=============
Discovered by: Rafay Baloch And Prakhar Prasad of RHA InfoSec
Blog: http://rafayhackingarticles.net
Description
============
Cyber Kendra wrote a custom search script that allowed the users to easily
search for
stuff on their website.
Vulnerability Details
======================
The vulnerability is a DOM Based xss vulnerability, as our payload was
being embedded into the
DOM and was being returned to the user without proper escaping which
resulted in a DOM Based XSS.
The showresult Function contained the following code, where the input was
being executed
via innerhtml without being sanitised. The skeleton is our user
controllable parameter.
skeleton="<h4>"+config.resultTitle+" ""+input.value+""</h4>"
resultContainer.innerHTML=skeleton;
Fix
===
We reported the vulnerability to CyberKendra team and also pointed to the
vulnerable code.
However, instead of fixing it, they just removed the whole search script.
--
Warm Regards,
Rafay Baloch
http://rafayhackingarticles.net
http://techlotips.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed