[ Cgi Security Advisory #9 ]
admin@cgisecurity.com

Netware Web Search Engine, and Microsoft IIS Help File Search Facility
Cross Site Scripting Holes

Both Found December 2001
Public Release April 2002
Vendors Contacted December 3rd 2001

Scripts Affected: Netware Web Search, IIS
Cost: I dunno but they ain't free :)

Versions:
Novell: Web Search 2.0, 2.0.1
Microsoft: IIS 4.0 and 5.0

Vendors:
http://www.novell.com/products/websearch/
http://www.microsoft.com

1. Problem

These products are affected by a Cross Site Scripting hole. This hole may allow an attacker to trick a user into thinking something the attacker wrote actually came from the site that is affected. This involves some social engineering to a point, but could possibly allow gathering of user information and other types of fraud.

The easiest way to see if you're affected is to enter the following in your search engine field .

If a box pops up showing your domain name, you're vulnerable.

2. Fixes

The vendors were notified of the problem. Check the pages below for patching/upgrade information.

Novell fix information:
"Yes, the fix can be found at support.novell.com downloads. It is part of the NetWare 6 sp1 update." - Novell

Microsoft fix information:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp

3. Additional

I swear these are my last Cross Site Scripting holes. I found the IIS hole helping a friend with a pen test, and the Novell hole 5 minutes later. I only released this advisory because they are two large companies that suffer the same problem, and I myself like to know if my software has holes no matter how small they are.

Published to the Public April 2002
Copyright April 2002 Cgisecurity.com
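
The self-check in section 1 comes down to whether the search page writes the submitted term back into its HTML without encoding it. The following is an added example, not code from the advisory or from either vendor: the two page renderers, the probe string and the sample responses are constructed for illustration, and the probe is an inert marker rather than the advisory's test string.

```python
import html

# Constructed, inert marker: not a real HTML element and not the advisory's test string.
PROBE = "<cgisec-probe-7f3a>"

def render_unsafe(query):
    # Hypothetical search page that writes the term back verbatim (the flaw class described).
    return "<html><body><h1>Results for " + query + "</h1></body></html>"

def render_safe(query):
    # Same page with the term HTML-encoded before it reaches the response.
    return "<html><body><h1>Results for " + html.escape(query, quote=True) + "</h1></body></html>"

def reflection_context(body, probe=PROBE):
    """Where a raw probe landed: 'script', 'attribute' or 'text' (None if not raw)."""
    i = body.find(probe)
    if i < 0:
        return None
    before = body[:i].lower()
    if before.rfind("<script") > before.rfind("</script"):
        return "script"        # inside an open <script> block
    if before.rfind("<") > before.rfind(">"):
        return "attribute"     # inside an unclosed tag, i.e. an attribute value
    return "text"

def classify_reflection(body, probe=PROBE):
    """Return 'raw:<context>', 'encoded' or 'absent' for a response body."""
    context = reflection_context(body, probe)
    if context is not None:
        return "raw:" + context          # markup characters survived: page is affected
    if probe in html.unescape(body):
        return "encoded"                 # reflected, but as &lt;...&gt; or numeric entities
    return "absent"

if __name__ == "__main__":
    samples = {
        "unsafe page": render_unsafe(PROBE),
        "safe page": render_safe(PROBE),
        "attribute echo": '<input name="q" value="' + PROBE + '">',
        "numeric entities": "<p>&#60;cgisec-probe-7f3a&#62;</p>",
        "no echo": "<p>No matches.</p>",
    }
    for name, body in samples.items():
        print(name, "->", classify_reflection(body))
```

An "encoded" result only covers HTML text and attribute contexts; a term echoed inside a script block needs JavaScript string escaping as well.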