
Google API Vulnerable To Cross-Site Scripting

Security advisory firm Secunia reported a cross-site scripting vulnerability in the Google API Search Engine Script version 1.x, and confirmed that it exists in version 1.3.1.

Secunia referenced a vulnerability report on the Unsecured Systems blog describing the flaw, which had not been patched at press time.

The blog described the vulnerability, which Secunia tested and confirmed:

Input passed to the “REQ” parameter in “index.php” when performing a search isn’t properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

example:
/index.php?REQ=%3Cscript%3Ealert('r0t%20XSS')%3C/script%3ESubmit=Submit


Secunia has rated the vulnerability as “less critical.” The vendor, WWWSearchSolutions, will have to update the source code to fix the issue; developers using the script should check the website for a corrected version.
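
The class of fix the advisory calls for, shown as an added example rather than the vendor's code: a hypothetical search page that echoes "REQ" back, first unencoded and then with output encoding. The function names and page markup are assumptions; the sample value is the decoded payload from the advisory's own example.

```php
<?php
declare(strict_types=1);

// Encode a value for HTML text and quoted-attribute contexts.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read the search term defensively: "REQ[]=x" makes PHP deliver an array,
// which must not reach string handling or output.
function search_term(array $query): string
{
    $value = $query['REQ'] ?? '';
    return is_string($value) ? $value : '';
}

// Pattern the advisory describes: request data returned to the user as-is.
function render_unsafe(string $term): string
{
    return '<p>Results for: ' . $term . '</p>'
         . '<input type="text" name="REQ" value="' . $term . '">';
}

// Hardened pattern: every echo of the term is encoded at the point of output.
function render_safe(string $term): string
{
    return '<p>Results for: ' . h($term) . '</p>'
         . '<input type="text" name="REQ" value="' . h($term) . '">';
}

// Constructed input standing in for $_GET, using the advisory's example value.
$query = ['REQ' => "<script>alert('r0t XSS')</script>", 'Submit' => 'Submit'];
$term  = search_term($query);

echo "unsafe: ", render_unsafe($term), PHP_EOL;
echo "safe:   ", render_safe($term), PHP_EOL;

// Array-valued REQ is reduced to an empty string rather than echoed.
echo "array:  ", render_safe(search_term(['REQ' => ['x']])), PHP_EOL;
```

In the safe rendering the term appears only as entity-encoded text, so the browser displays it instead of parsing it as markup.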

David Utter is a staff writer for WebProNews covering technology and business. Email him here.
