26th Sep 2002 [SBWID-5300]
COMMAND
	OpenKeyServer cross site scripting allows code insertion in keys
SYSTEMS AFFECTED
	OpenKeyServer version 1.2
PROBLEM
	Sebastien Lemmens [http://securiteam.com] says :
	A security vulnerability in the way the server returns  results  of  key
	queries  allows  attackers  to  insert  malicious  code  into   existing
	replies. This is of particular  danger  when  it  comes  to  keyservers,
	since the  key  information  itself  is  usually  considered  as  highly
	trustworthy.
	Example:
	
	http://search.keyserver.net:11371/pks/lookup?template=netensearch%2Cnetennom
	atch%2Cnetenerror&search=<iframe%20style="position:absolute;left:0;top:0"%20
	%20frameborder=0%20scrolling=0%20noresize%20%20width=800%20height=900%20src=
	http://www.securiteam.com/openkeyservertemp/></iframe>&op=index
	
	(All < should be present and not replaced by <).
	In order to complete the attack, all you need to  do  is  create  a  few
	small HTMLs on your server, causing anyone accessing the  above  URL  to
	not know he is no longer  accessing  keyserver.net  but  rather  someone
	else's server.
SOLUTION
	None yet.