Full Disclosure mailing list archives
Re: Vulnerability in Google AJAX Search
From: Christian Sciberras <uuf6429 () gmail com>
Date: Wed, 10 Nov 2010 23:28:11 +0100
Let me get this straight....the vulnerability was in some sample code (if so, you ought to check out the PHP manual)? Just asking... Chris. 2010/11/10 MustLive <mustlive () websecurity com ua>
Hello Full-Disclosure! I want to warn you about Cross-Site Scripting vulnerability in Google AJAX Search. In 2007 I already wrote about vulnerability in Google Custom Search Engine (http://websecurity.com.ua/1050/) - CVE-2007-3484 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3484), and this is new vulnerability related to Google Custom Search Engine, because AJAX Search is one variant of CSE. ------------------------- Affected products: ------------------------- Potentially vulnerable are all sites and web applications which are using Google AJAX Search. Particularly those ones which used AJAX Search before 25th of June, 2010, when Google agreed with me and changed documentation of AJAX Search to prevent incorrect use of their application. ---------- Details: ---------- XSS (WASC-08): http://site/search/?parameter=’;alert(document.cookie);// This is DOM Based XSS. For example, in IB Pro CMS (SecurityVulns ID: 11131), where Google AJAX Search is using, the next request is used for attack: http://site/search/?qs=’;alert(document.cookie);// Besides system IB Promotion Advanced Business Web Suite (IB Pro CMS) and sites on it, which contain this vulnerability in Google AJAX Search, such vulnerability also took place in other web application. As I found in September, Search Api Ajax Google (searchajaxgoogle) extension for TYPO3 CMS is vulnerable for Cross-Site Scripting (http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-003/). ------------ Timeline: ------------ 2010.06.22 - announced at my site. 2010.06.23 - informed developers. First they tried to decline, but later they agreed with me. 2010.06.25 - Google agreed with me and changed documentation of AJAX Search. 2010.11.10 - disclosed at my site. I mentioned about this vulnerability at my site (http://websecurity.com.ua/4309/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Vulnerability in Google AJAX Search MustLive (Nov 10)
- Re: Vulnerability in Google AJAX Search Christian Sciberras (Nov 10)