[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Multiple XXS vulnerabilities at http://www.shopathometv.com

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Multiple XXS vulnerabilities at http://www.shopathometv.com
From: "secure poon" <suckure@xxxxxxxxx>
Date: Sun, 10 Jun 2007 12:27:40 -0700

*Overview*
http://wwww.shopathometv.com, A popular website whos television program runs
late night on local syndicated television is vulnerable to multiple xxs
flaws. While shopping their site last night, they did not have a product I
was looking for when I entered an item number so I decided to test a few
things.

*1st Bug*

The main search box input is not sanitized on the front page. Simply go to
http://www.shopathometv.com and in their product search box type in
<script>alert(document.cookie );</script> hit the Go inside the circle. When
the page finishes loading if you are a user signed up (have'nt tested not
signed up) you will get displayed all of your session variables.

*2nd Bug*

On the The following page there is an xxs inside the showTitle GET variable.
Click the link below
https://www.shopathometv.com/programguide/thumbnail.jsp?date=null&showId=3203180&showTitle=<script>alert(document.cookie);</script>&sortType=Best%20Selling

*Fix
*Sanitize all input variables.

*Conclusion*
will not be shopping there until this is fixed.

-suckure

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [TOOL] w3af - Web Application Attack and Audit Framework
Next by Date: [Full-disclosure] Multiple XXS vulnerabilities at http://www.shopathometv.com
Previous by thread: [Full-disclosure] [TOOL] w3af - Web Application Attack and Audit Framework
Next by thread: [Full-disclosure] Multiple XXS vulnerabilities at http://www.shopathometv.com
Index(es):
- Date
- Thread