###############################################
Vuln. discovered by : r0t
Date: 09 September 2010
vendor:http://www.netartmedia.net/carsportal/
affected versions:v2.0 and other
versions also can be affected.
###############################################
NetArtMEDIA Car Portal contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "car_id" parameter in "index.php" and input passed to the "y" parameter in "include/images.php' isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
##############################################
Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment