[RHA InfoSec] CyberKendra Search Bar Script DOM Based XSS Vulnerability

Details
=============

Risk: Moderate
Vendor-URL: http://www.cyberkendra.com/

Credits
=============
Discovered by: Rafay Baloch and Prakhar Prasad of RHA InfoSec
Blog: http://rafayhackingarticles.net

Description
============

Cyber Kendra wrote a custom search script that let visitors search for
content on the website from within the page.

Vulnerability Details
======================

The vulnerability is a DOM based XSS: the search string is read by the
page's own client-side script, embedded into the DOM and shown back to the
user without any escaping, so a payload placed in the search string is
parsed as markup rather than as text.

The showresult function contained the following code, in which the search
input was written into the page via innerHTML without being sanitised.
input.value is the user-controllable value; it is concatenated into the
skeleton string, which is then assigned to the result container's innerHTML.


// input.value is the user-controlled search string and is concatenated raw.
// When the string is assigned to innerHTML the &quot; entities are decoded
// and any tag inside input.value is parsed as markup; innerHTML does not
// run <script> elements it creates, but event-handler attributes such as
// onerror on an <img> it creates do fire.
skeleton="<h4>"+config.resultTitle+" &quot;"+input.value+"&quot;</h4>"
resultContainer.innerHTML=skeleton;
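The following is an added example, not code from CyberKendra's search script or from the advisory's authors. It rebuilds the skeleton/innerHTML pattern above as a pure function so that it can be compared directly with two hardened variants: escaping the dynamic values before concatenation, and avoiding innerHTML for the user value altogether. The function names (buildSkeletonUnsafe, escapeHtml, buildSkeletonSafe, renderResult), the assumed value of config.resultTitle and the sample payload are all constructed for illustration.

```javascript
// Added example, not CyberKendra's code: the vulnerable concatenation from the
// advisory beside two hardened versions. Names, the result title and the
// sample payload are constructed for illustration.

// Mirrors the vulnerable showresult code: the query goes in unescaped.
// When this string is assigned to innerHTML, the &quot; entities are decoded
// and any tag in the query is parsed as markup. innerHTML does not run
// <script> elements it creates, but event-handler attributes such as onerror
// on an <img> it creates do fire.
function buildSkeletonUnsafe(resultTitle, query) {
  return "<h4>" + resultTitle + " &quot;" + query + "&quot;</h4>";
}

// Escape the characters that are significant in HTML text and attribute
// values. Ampersand must be replaced first so later entities are not doubled.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Fix 1: keep the string-building style but escape every dynamic value before
// concatenation, so the result is safe to assign to innerHTML.
function buildSkeletonSafe(resultTitle, query) {
  return "<h4>" + escapeHtml(resultTitle) + " &quot;" + escapeHtml(query) + "&quot;</h4>";
}

// Fix 2 (preferred): do not put the user value through the HTML parser at all.
// Build the element and set textContent, which creates a text node.
// `doc` defaults to the page's document; passing it explicitly keeps the
// function usable outside a browser.
function renderResult(container, resultTitle, query, doc = globalThis.document) {
  const heading = doc.createElement("h4");
  heading.textContent = resultTitle + ' "' + query + '"';
  container.replaceChildren(heading);
  return heading;
}

// Constructed payload of the kind that would have fired in the original page.
const SAMPLE_PAYLOAD = '<img src=x onerror=alert(1)>';

// Build both strings for the constructed payload so they can be compared.
function demo() {
  const title = "Search results for"; // assumed value of config.resultTitle
  return {
    unsafe: buildSkeletonUnsafe(title, SAMPLE_PAYLOAD),
    safe: buildSkeletonSafe(title, SAMPLE_PAYLOAD),
  };
}

console.log(demo());
```

In the browser the textContent variant is the one to reach for: the search string never meets the HTML parser, so there is nothing to escape and nothing to get wrong later when the markup is changed. The escaping variant is shown because it is the smallest change to the original structure, but it only stays correct as long as every dynamic value passes through escapeHtml and the values land in text or double-quoted attribute context.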


Fix
===

We reported the vulnerability to the CyberKendra team and pointed them to
the vulnerable code. However, instead of fixing it, they removed the whole
search script.


-- 
Warm Regards,
Rafay Baloch

http://rafayhackingarticles.net
http://techlotips.com