Profi Einzelgebots Auktions System suffers from a cross site scripting vulnerability.
[x] Author: Andrea Bocchetti
[x] Homepage : www.geekit.it
// Software Info
Name : Profi Einzelgebots Auktions System
Demo : http://hiweb-wiesbaden.de/hammerdealv3/
Price : 399.99
Exploit :
http://www.site.com/hammerdealv3/suche.php
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
<form id="search_form" name="form_suchenach" action="suche.php" method="POST">
Input passed via the search form of "suche.php" is not properly sanitised before
being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of an affected site.
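Added example, not code from the vendor's suche.php: the unsafe echo pattern the advisory describes next to a hardened version that encodes the search term for the HTML text context before output. The field name "suchbegriff" and the result heading are assumptions; only the form's method and action come from the page.

```php
<?php
// Added example (not the vendor's suche.php). The form on the page posts to
// suche.php; the field name "suchbegriff" is an assumption, not from the advisory.
declare(strict_types=1);

// Vulnerable pattern: the submitted search term is written straight into the
// page, so any markup in it is interpreted by the browser (reflected XSS).
function render_results_unsafe(string $term): string
{
    return '<h2>Suchergebnisse für: ' . $term . '</h2>';
}

// Hardened pattern: encode for the HTML text context at the point of output.
// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string, which would otherwise blank the heading.
function render_results_safe(string $term): string
{
    $escaped = htmlspecialchars($term, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Suchergebnisse für: ' . $escaped . '</h2>';
}

// Request handling mirrors the form on the page: method="POST", action="suche.php".
$term = (string) ($_POST['suchbegriff'] ?? '');
// A search term has no business being kilobytes long; cap it before use.
$term = mb_substr($term, 0, 200, 'UTF-8');

// Declaring the charset keeps the browser from guessing an encoding in which
// the escaped output could be reinterpreted.
header('Content-Type: text/html; charset=UTF-8');
// A restrictive CSP is defence in depth only; it does not replace output encoding.
header("Content-Security-Policy: default-src 'self'");

echo render_results_safe($term);
```

The encoding shown is correct only for element text; a term placed inside an attribute, a URL or a script block needs the encoding for that context instead.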