Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] XSS vuln- swapitshop.com

from [vulnkiller] Network Security [Permanent Link]
Subject: [Full-disclosure] XSS vuln- swapitshop.com
Date: Sun, 28 May 2006 15:33:21 +0100

Vendor: SwapitShop.com- 'Safe cash for young people that they can earn & spend on things they want.'

Discovered by: robokoder

N.B. admin were informed 20 days ago... no fix yet- appalling

 

this is a cross-site scripting (XSS) vulnerability that allows for the injection of potentially malicious _javascript_ into links that appear to go to the trusted http://swapitshop.com. The injection is in the search form, the input of which is not properly filtered. Vuln link (non-malicious demonstration): >> alert(document.cookie)">http://www.swapitshop.com/cgi-bin/swapitshop/browse.cgi?username=&ac=&action="">> <<

this can obviously be exploited, e.g. to direct the user to a fake login page so the hacker can steal their password, and thus their swapits. Alternatively it could direct the user to a site where their cookies are stolen. There are obviously other possibilities, but you get the idea...

Given the nature of this site where users put their faith in virtual currency, not fixing a vuln like this immediately, let alone after 20 days is unnaceptable. It is being released to force them to fix it, and ultimately in the interest of their users.

 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] XSS vuln- swapitshop.com, vulnkiller <=
Previous by Date:  [Full-disclosure] A Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8 & 9, Adbulaziz Hariri
Next by Date:  [Full-disclosure] Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities, Mustafa Can Bjorn IPEKCI
Previous by Thread:  [Full-disclosure] A Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8 & 9, Adbulaziz Hariri
Next by Thread:  [Full-disclosure] Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities, Mustafa Can Bjorn IPEKCI
Indexes:  [Date] [Thread] [Top] [All Lists]