WebProNews Ad Rates Click Now!

Google API Vulnerable To Cross-Site Scripting

By WebProNews Staff · November 29, 2005 · Leave a Comment

Get the WebProNews Newsletter:

Security advisory firm Secunia reported a cross-site scripting vulnerability in the Google API Search Engine Script version 1.x, and confirmed it does exist in 1.3.1.

Secunia referenced a vulnerability report on the Unsecured Systems blog describing the flaw, which had not been patched at press time.

The blog described the vulnerability, which Secunia tested and found it does exist:

Input passed to the “REQ” parameter in “index.php” when performing a search isn’t properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

example:
/index.php?REQ=%3Cscript%3Ealert(‘r0t%20XSS’)%3C/script%3ESubmit=Submit

Secunia has rated the vulnerability as “less critical.” The vendor, WWWSearchSolutions, will have to update the source code to fix the issue; developers using the script should check the website for a corrected version.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.

Top Rated White Papers and Resources

What do you think? Respond. Cancel reply

1st 336 (Multi)
PRTracking House Ad
Sidebar Top

Googlers Talk Indoor Maps For 40 Minutes [Video]
This is the next frontier of Google Maps

1 Comment

Yahoo To Host 'Product-Related' Event Next Monday
Tumblr-related?

Gmail Gets New Quick Actions Inside the Inbox
RSVP, Check-In, and Review Right From the Inbox

New Google Maps Revealed At Google I/O
Including some new mobile and tablet maps
Group of 2
Sidebar Middle

Google Adds Conversational Search To Desktop
Part of 'the end of search'

Google Just Took Out Thousands Of Linksellers
Let the good times roll

2 Comments

The New Google Maps Is Real, And Here's What It Does
Sign-up page leaks ahead of release

1 Comment

Google On What's Coming Soon To SEO
It involves Penguin, Panda and a whole lot more

42 Comments
Temp 336×280
Sidebar Bottom

German Court Rules Against Google Over Autocomplete
Says they must remove defamatory suggestions

1 Comment

Bing To Add Klingon Language To Translator
Part of marketing for new Star Trek film

Play Atari's Breakout in Google Image Search
Awesome Easter Egg

2 Comments

Bing Autosuggest Adds More People Info
Including a "did you mean?" feature
Sticky 336
Advertisement

Next Article »