Gossamer Forum

Security hole

Someone who is accessing your search system can execute malicious code on your browser easily!!!

When someone inputs some code in the search box and submits it, the code will be logged to a file. From the admin section, when the admin enters the view search log, the code will be executed.
---
Joao Felipe S. S. Orui

Last edited by jfsso: Jun 7, 2002, 9:57 PM
Re: [jfsso] Security hole
What search log?

Could you show an example?

Last edited by Paul: Jun 8, 2002, 1:23 AM
Re: [Paul] Security hole
http://yoursearchsite.com/...admin.cgi?view_log=1
If the user puts some malicious code in the search box and then submits it, it will be available in the search log (access admin.cgi?view_log=1) :) There is no HTML wrap :(
---
Joao Felipe S. S. Orui

Last edited by jfsso: Jun 8, 2002, 4:58 AM
Re: [jfsso] Security hole
There's no such thing as view_log
Re: [jfsso] Security hole
Is this a modification you installed?

Andy (mod)
andy@ultranerds.co.uk
Re: [jfsso] Security hole
The admin directory should be protected by .htaccess and .htpasswd in any case.
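
The behaviour reported in this thread (search input stored in a log and later shown in an admin page without HTML escaping) is a stored cross-site scripting pattern. The sketch below is an added example, not code from Links 2.0 or from any poster; it is written in Python rather than the Perl the product uses, and the log format, sample entries and function names are assumptions made for illustration.

```python
import html

# Constructed sample log: one search term per line, as a search logger might store it.
SAMPLE_LOG = [
    "perl cgi scripts",
    "<script>alert(1)</script>",
    '"><img src=x onerror=alert(1)>',
]

HTML_METACHARS = set("<>\"'&")


def clean_term_for_log(term, max_len=200):
    """Normalise a term before appending it to the log file.

    Dropping CR/LF and other control characters keeps one entry per line,
    so a single search cannot forge extra log lines.
    """
    printable = "".join(ch for ch in term if ch.isprintable())
    return printable[:max_len]


def render_log_unsafe(entries):
    """The reported flaw: entries are written into the page verbatim."""
    rows = "".join(f"<tr><td>{e}</td></tr>\n" for e in entries)
    return f"<table>\n{rows}</table>"


def render_log_safe(entries):
    """Escape every entry at output time so markup is displayed as text."""
    rows = "".join(
        f"<tr><td>{html.escape(e, quote=True)}</td></tr>\n" for e in entries
    )
    return f"<table>\n{rows}</table>"


def flag_markup(entries):
    """Return 1-based line numbers of entries containing HTML metacharacters,
    so an existing log can be reviewed as plain text first."""
    return [n for n, e in enumerate(entries, 1) if HTML_METACHARS & set(e)]


if __name__ == "__main__":
    print(render_log_unsafe(SAMPLE_LOG))   # markup reaches the browser intact
    print(render_log_safe(SAMPLE_LOG))     # markup arrives as &lt;script&gt;...
    print(flag_markup(SAMPLE_LOG))
```

Password-protecting the admin directory limits who can open the log view; escaping at output is still needed because the entries originate from the public search form.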