Profi Einzelgebots Auktions System suffers from a cross site scripting vulnerability.
2e22df57f3fb8aa6ae2e2a4e69f2ec3bcc70ab5a1a525895c76374c490249e20[x] Author: Andrea Bocchetti
[x] Homepage : www.geekit.it
// Software Info
Name : Profi Einzelgebots Auktions System
Demo : http://hiweb-wiesbaden.de/hammerdealv3/
Price : 399.99
Exploit :
http://www.site.com/hammerdealv3/suche.php
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
<form id="search_form" name="form_suchenach" action="suche.php" method="POST">
Input passed via the "suche.php" is not properly sanitised before
being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session on context of an affected site.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed