Mewsoft NetAuction 3.0 - Cross-Site Scripting Vulnerability

2002-06-14T00:00:00
ID EDB-ID:21553
Type exploitdb
Reporter windows-1256
Modified 2002-06-14T00:00:00

Description

Mewsoft NetAuction 3.0 Cross Site Scripting Vulnerability. CVE-2002-1703. Webapps exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/5023/info

NetAuction does not filter HTML code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied HTML code may be included in a malicious links. The attacker-supplied HTML code will be executed in the browser of a web user who visits this link, in the security context of the host running NetAuction. Such a link might be included in a HTML e-mail or on a malicious webpage.

http://www.xxxx.com/cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search
&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('OopS');</script>&
Where=&Sort=Photo&Dir=