XSS in yacy 0.31

From: Donato Ferrante (fdonato_at_autistici.org)
Date: 12/24/04

    Date: Fri, 24 Dec 2004 14:52:36 -0000
    To: <bugtraq@securityfocus.com>, <vuln@secunia.com>, <full-disclosure@lists.netsys.com>, <bugs@securitytracker.com>, <news@securiteam.com>
    
    

                               Donato Ferrante

    Application: yacy
                  http://www.yacy.net

    Version: 0.31

    Bug: cross site scripting

    Date: 24-Dec-2004

    Author: Donato Ferrante
                  e-mail: fdonato@autistici.org
                  web: www.autistici.org/fdonato

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    1. Description
    2. The bug
    3. The code
    4. The fix

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ----------------
    1. Description:
    ----------------

    Vendor's Description:

    "YACY: a Java Freeware Open-Source Caching HTTP Proxy and Global
    P2P-Based Search Engine"

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    2. The bug:
    ------------

    The server does not filter the strings supplied in some input fields,
    so they appear in the returned page.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    -------------
    3. The code:
    -------------

    To test the vulnerability, try for example:

    1.
       http://[host]:8080/index.html?urlmaskfilter=[XSS]
    -
    2.
       http://[host]:8080/Wiki.html?page=[XSS]
    -

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    4. The fix:
    ------------

    The bug is fixed in version 0.32.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
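
Added example, not part of the original advisory and not yacy's own code: it contrasts copying a request parameter into the page unchanged, as section 2 describes, with encoding it at the point of output. The class and method names, the inert marker string, and the assumption that the value lands inside a quoted HTML attribute are all constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ReflectedParamDemo {

    // Encode the five characters that let text break out of HTML element
    // content or a quoted attribute value.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Behaviour the advisory describes: the parameter value is copied
    // into the page unchanged (attribute context is an assumption).
    static String renderUnfiltered(String name, String value) {
        return "<input type=\"text\" name=\"" + name + "\" value=\"" + value + "\">";
    }

    // Hardened form: the value is encoded where it is written out.
    static String renderEncoded(String name, String value) {
        return "<input type=\"text\" name=\"" + name + "\" value=\""
                + escapeHtml(value) + "\">";
    }

    public static void main(String[] args) {
        // Constructed, inert marker containing HTML metacharacters.
        String marker = "\"><b>marker</b>";
        Map<String, String> params = new LinkedHashMap<>();
        params.put("urlmaskfilter", marker); // index.html parameter from the advisory
        params.put("page", marker);          // Wiki.html parameter from the advisory
        for (Map.Entry<String, String> e : params.entrySet()) {
            String after = renderEncoded(e.getKey(), e.getValue());
            System.out.println(e.getKey() + " unfiltered: " + renderUnfiltered(e.getKey(), e.getValue()));
            System.out.println(e.getKey() + " encoded:    " + after);
            // The raw tag must not survive encoding.
            if (after.contains("<b>")) throw new AssertionError("marker not encoded");
        }
    }
}
```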

