scip AG

NASLDB: Auction Deluxe auction.pl Multiple Parameter XSS

General

ID: 11365
Name: Auction Deluxe auction.pl Multiple Parameter XSS

Summary: Checks for auction.pl

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: 80
Family: CGI abuses : XSS
Type: Remote

Description

The remote Auction Deluxe server is vulnerable to a cross-site
scripting attack.

As a result, a user could easily steal the cookies of your legitimate
users and impersonate them.

Exploiting

Exploit Available: False
Exploitability Ease: No known exploits are available

Sources

CVE: CVE-2002-0257
OSVDB: 9286
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2002/02/09
Patch Release: –
Plugin Release: 2003/03/12

Plugin

Version: 1.28
Filename: auctiondeluxe_xss.nasl
Filesize: 2185 bytes
MD5 Hash: a90db518bd925074e1d6a71fd90c7b69

Identification: –
Require Keys: Settings/ParanoidReport
Dependencies: "http_version.nasl", "no404.nasl", "cross_site_scripting.nasl"

Copyright: This script is Copyright© 2003-2011 Tenable Network Security, Inc.

Latest Plugins

• Latest Plugins
  • USN-1611-1 : thunderbird vulnerabilities
  • USN-1610-1 : linux vulnerability
  • USN-1609-1 : linux-ti-omap4 vulnerability
  • SuSE 10 Security Update : PostgreSQL
  • RHSA-2012-1364: bind97
  • RHSA-2012-1363: bind
  • RHSA-2012-1362: thunderbird
  • RHSA-2012-1361: xulrunner
  • Mandriva Linux Security Advisory : graphicsmagick
  • FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack

• Archive
• scip VulDB
• Syndication
  • RSS
  • Twitter