Full Disclosure mailing list archives
Multiple XXS vulnerabilities at http://www.shopathometv.com
From: "secure poon" <suckure () gmail com>
Date: Sun, 10 Jun 2007 01:54:13 -0700
*Overview* http://wwww.shopathometv.com, A popular website whos television program runs late night on local syndicated television is vulnerable to multiple xxs flaws. While shopping their site last night, they did not have a product I was looking for when I entered an item number so I decided to test a few things. *1st Problem:* The main search box input is not sanitized on the front page. Simply go to http://www.shopathometv.com and in their product search box type in <script>alert(document.cookie);</script> hit the Go inside the circle. When the page finishes loading if you are a user signed up (have'nt tested not signed up) you will get displayed all of your session variables. *2nd Problem* On the The following page there is an xxs inside the showTitle GET variable. Click the link below https://www.shopathometv.com/programguide/thumbnail.jsp?date=null&showId=3203180&showTitle=<script>alert(document.cookie);</script>&sortType=Best%20Selling *Fix* Sanitize all input variables. *Conclusion* not be shopping there until this is fixed. -suckure
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Multiple XXS vulnerabilities at http://www.shopathometv.com secure poon (Jun 10)
- <Possible follow-ups>
- Multiple XXS vulnerabilities at http://www.shopathometv.com secure poon (Jun 10)