MySQL Auction XSS vuln.
Vuln. dicovered by : r0t Date: 14 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/mysql-auction-xss-vuln.html vendor:mysqlauction.com affected version: 3.0 and prior
Full featured, MySQL database driven online auction software. Features include, item question and answer forum, featured listing options, listing fees, auto thumbnail creation. Also inclused a MyAuction section, where members can keep track of items for sale, items they are bidding on, closed/sold items, and a personal watch item list. Member billing handled directly from the web based Admin Panel! A step-by-step installation script will setup the MySQL database tables using your database name, username and password. Use the Admin Panel to customize your auction variables and your new auction site is ready to go online! The software also uses header and footer HTML files, simply modify them to match your existing site for an integrated online auction solution. With this 100% MySQL database driven online auction software package, our goal is to develop powerful database applications, to improve web site server/client interface, and to provide dynamic content with improved performance.
MySQL Auction contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to search module parameters isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution: Edit the source code to ensure that input is properly sanitised.