Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam  Beyond Security  SecuriTeam Home  Ask the Team  Mailing Lists  Advertising Info  Blogs  Black Box Testing  Vulnerability Assessment  Vulnerability Scanner SecuriTeam in Your Inbox   E-mail this article to a friend New vulnerability? New tool? Tell us	Cross-Site Scripting Vulnerability in Mewsoft Auction Script 12 Jul. 2002    Summary Mewsoft Auction a web based auction engine has been found to contain a security vulnerability that would allow attackers to cause a cross-site scripting vulnerability.   Credit: The information has been provided by ? o m e 1.    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable systems:  * Mewsoft Auction version 3.0 Example: For example accessing the following URL will cause an alert to pop up: http://www.xxxx.com/cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search &Page=0&Cat_ID=&Lang=English&Search=All&Terms=<scr!pt>alert('OopS');</script >&Where=&Sort=Photo&Dir=  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability Pivot Cross Site Scripting and HTML Injection IBM AIX ToolTalk Database Server Buffer Overflow Vulnerability Webmedia Explorer Cross Site Scripting Vulnerability phpMyAdmin Code Injection Pantha transLucid Cross Site Scripting and HTML Injection Vulnerabilities Clam AntiVIrus Generic Bypass Using RAR CAB or ZIP Files Apache Tomcat RequestDispatcher Directory Traversal Vulnerability HP-UX Running OpenSSL DoS Joomla JA_Purity Multiple Persistent XSS Drupal Flag Module Multiple Vulnerabilities Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability Apple CUPS NULL Pointer Vulnerability OCS Inventory NG Multiple SQL Injections HP-UX Execution of Arbitrary Code and Other Vulnerabilities  Featured Articles Adobe Shockwave Player Director File Parsing Pointer Overwrite Mozilla Firefox Java Applet Loading Vulnerability Microsoft Internet Explorer Security Zone Restrictions Bypass Adobe Acrobat and Reader Heap Overflow Vulnerability Adobe Reader U3D Stack Overflow Vulnerability Apple CUPS NULL Pointer Vulnerability SonicWALL Global Security Client Privilege Escalation Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2008 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®