
I'm testing a Drupal website and I've noticed that the search query gets appended to the base URL in the response, like so:

query: "hey ho: there"
http://www.baseurl.com/search/node/hey ho%3A there

query: "dis iz stackexchange!"
http://www.baseurl.com/search/node/dis iz stackexchange!

query: "@ # $ % ^ & * ( ) < > [ ]"
http://www.baseurl.com/search/node/%40 %23 %24 %25 ^ %26 * ( ) < > [ ]
  1. Is this behavior dangerous?
  2. Any guess why any of the '* ( ) < > [ ] !' aren't escaped?
Mercurial
  • Not inherently, but it could be a vulnerability depending on how the rest of your code handles that input. Do you escape the query text when showing it on your page? Have you parameterized your database queries? – Aron Foster Jan 30 '15 at 17:03
  • @AronFoster I have no access to source code. I'm blind testing. – Mercurial Jan 30 '15 at 17:19
  • Well you haven't found an exploit here. Good luck elsewhere! – Aron Foster Jan 30 '15 at 17:20
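The two questions above come down to RFC 3986 and to the rendering layer: `!`, `*`, `(` and `)` are sub-delims and may legally stay unencoded in a path segment, while space, `^`, `<`, `>`, `[` and `]` are not pchar at all, and whether any of that matters depends on whether the URL is HTML-escaped when it is echoed back. The following is an added example, not code from the question or from Drupal; it uses the query strings and observed URLs from the post as constructed test data.

```python
import html
import re
from urllib.parse import quote

# RFC 3986: pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
# sub-delims = "!$&'()*+,;=" -- so "!", "*", "(" and ")" may appear raw in a
# path segment, which is why many encoders leave them alone.
SUB_DELIMS = "!$&'()*+,;="
PCHAR_SAFE = SUB_DELIMS + ":@"
PCHAR_RE = re.compile(r"[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2}")


def encode_path_segment(query: str) -> str:
    """Percent-encode a search term as a single RFC 3986 path segment.

    Everything outside pchar (space, "#", "%", "^", "<", ">", "[", "]", ...)
    is encoded; unreserved characters and sub-delims pass through unchanged.
    """
    return quote(query, safe=PCHAR_SAFE)


def invalid_unencoded_chars(segment: str) -> set:
    """Return the characters of an observed path segment that are neither
    valid pchar nor part of a %XX escape.

    An empty set means "syntactically valid URL", which is not the same as
    "safe to render": that is decided by reflect_url below, not here.
    """
    bad = set()
    pos = 0
    while pos < len(segment):
        m = PCHAR_RE.match(segment, pos)
        if m:
            pos = m.end()
        else:
            bad.add(segment[pos])
            pos += 1
    return bad


def reflect_url(url: str) -> str:
    """HTML-escape a URL before echoing it into page text or an attribute.

    If the rendering layer does this, raw "<" and ">" left by the URL
    encoder are harmless; if it does not, the encoder is not the real issue.
    """
    return html.escape(url, quote=True)


if __name__ == "__main__":
    # Observed segment from the question (constructed test data, not live output).
    observed = "%40 %23 %24 %25 ^ %26 * ( ) < > [ ]"
    print(sorted(invalid_unencoded_chars(observed)))  # [' ', '<', '>', '[', ']', '^']
    print(encode_path_segment("@ # $ % ^ & * ( ) < > [ ]"))
    print(reflect_url("http://www.baseurl.com/search/node/" + observed))
```

Running `invalid_unencoded_chars` over the three observed URLs flags exactly the space, `^`, `<`, `>`, `[` and `]` as non-compliant, and leaves `!`, `*`, `(` and `)` alone, which answers the second question without access to the source.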

0 Answers