# Author: Andrea Bocchetti
# Contact: flashcreazione@gmail.com
# Homepage : www.geekit.it
# Software Info
# Name : activebusinessdirectory
# Version : v 2
# Price : $499.00 USD
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Input passed via the "search" parameter to search.asp is
not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML
and script code in a user's browser session
in the context of an affected site.
POC
http://name.com/demoactivebusinessdirectory/searchadvance.asp? <= xss
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash
into a vulnerable application to fool a user in order to gather data from them.
How to fix this vulnerability:
The script should filter metacharacters from user input before returning it to the user.
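An added example, not code from the advisory or from the product: a minimal server-side rendering of a search page that echoes the "search" parameter first the way the advisory describes (unfiltered) and then with metacharacters encoded on output, plus a crude check that flags markup in the rendered page that did not come from the template. The handler and template shapes are assumptions; the real search.asp is not shown.

```javascript
// HTML-encode the five metacharacters that let user input break out of
// text or attribute context. Applied on output, this is the fix the
// advisory calls for ("filter metacharacters from user input").
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern (assumed shape of the affected page): the "search"
// parameter is concatenated straight into the HTML returned to the user.
function renderSearchVulnerable(search) {
  return `<h1>Results for: ${search}</h1>`;
}

// Hardened pattern: the same page, but the value is encoded before it is
// returned, so the browser renders it as text instead of parsing it as markup.
function renderSearchHardened(search) {
  return `<h1>Results for: ${htmlEncode(search)}</h1>`;
}

// Crude check a reviewer can run over a rendered page: does the output
// contain an element that is not part of the template's allowed tags?
function containsUnexpectedTag(html, allowedTags) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some(
    (t) => !allowedTags.includes(t.replace(/^<\/?/, "").toLowerCase())
  );
}

// Constructed sample input containing markup metacharacters.
const constructedInput = 'widgets<b>"bold"</b>';

console.log("vulnerable:", renderSearchVulnerable(constructedInput));
console.log("hardened:  ", renderSearchHardened(constructedInput));
console.log(
  "unexpected tag in vulnerable output:",
  containsUnexpectedTag(renderSearchVulnerable(constructedInput), ["h1"])
);
```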