header-logo
Suggest Exploit
vendor:
PSY Auction
by:
SecurityFocus
7.5
CVSS
HIGH
HTML-injection and SQL-injection
89, 79
CWE
Product Name: PSY Auction
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

PSY Auction Multiple Input Validation Vulnerabilities

PSY Auction is prone to multiple input-validation vulnerabilities. The issues include HTML-injection and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploits of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, control how the site is rendered to the user, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

Mitigation:

Input validation should be used to ensure that untrusted data is not allowed into the system. All input data should be validated and sanitized before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17974/info
 
PSY Auction is prone to multiple input-validation vulnerabilities. The issues include HTML-injection and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
 
Successful exploits of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, control how the site is rendered to the user, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
 
http://www.example.com/auction/email_request.php?user_id=[malicious code]

Navigation

Suggest Exploit

Services By CQR