[x] Author: Andrea Bocchetti
[x] Homepage : www.geekit.it

// Software Info
Name : Profi Einzelgebots Auktions System
Demo : http://hiweb-wiesbaden.de/hammerdealv3/
Price : 399.99
Exploit : http://www.site.com/hammerdealv3/suche.php

This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Input passed via "suche.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
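
One way a search page can reflect its term safely in each output context, as an added example that is not the product's code or part of the original advisory. The parameter name `q`, the markup and the helper names are hypothetical because the advisory does not show the source of suche.php, and the mbstring extension is assumed.

```php
<?php
// Added example: hardened reflection of a search term.
// Parameter "q", the markup and all helper names are hypothetical.
declare(strict_types=1);

/** Encode for HTML text and quoted-attribute contexts. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Normalise the raw term: must be a string, valid UTF-8, bounded length. */
function clean_term($raw): string
{
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
        return ''; // arrays (q[]=...) and invalid byte sequences are rejected
    }
    $raw = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? ''; // drop control chars
    return mb_substr(trim($raw), 0, 100, 'UTF-8');
}

function render_search(string $term, int $page): string
{
    // URL context: percent-encode with http_build_query first,
    // then HTML-encode the whole attribute value.
    $next = 'suche.php?' . http_build_query(['q' => $term, 'page' => $page + 1]);

    return '<form action="suche.php" method="get">'
         . '<input type="text" name="q" value="' . h($term) . '">' // attribute context
         . '</form>'
         . '<p>Results for: ' . h($term) . '</p>'                  // text context
         . '<a href="' . h($next) . '">Next</a>';                  // URL in attribute
}

// Constructed sample input standing in for $_GET['q'] when run from the CLI.
$input = '<b>"lamp" & \'shade\'</b>';

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
    // Defence in depth: limits script execution if an encoding step is missed.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    $input = $_GET['q'] ?? '';
}
echo render_search(clean_term($input), 1), PHP_EOL;
```

Run from the command line, the sample term comes back with its angle brackets, quotes and ampersand entity-encoded in the form field and the results line, and percent-encoded in the link.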