| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 16 Dec 2006 18:44:20 -0000 From: DoZ@...kersCenter.com To: bugtraq@...urityfocus.com Subject: [HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities Hackers Center Security Group (http://www.hackerscenter.com/) Doz's Security Advisory Desc: SiteCatalyst Web Login Cross Site Vulrnabilities Risk: Medium Omniture, Inc aims its aperture at your Web site. The company provides Internet analytic software and services to corporate customers such as AOL, eBay, General Motors, and Microsoft. Omniture's primary product, SiteCatalyst, helps clients electronically measure Web site traffic, visitor activity, advertising effectiveness, and e-commerce transactions. Other products include the Omniture Discover, Data, and SearchCenter line of products, designed to provide customers access to all of their data in real time. Login & Search Engines scripts affected Vendor: www.omniture.com Company Email: ir@...iture.com Proof of concept: /search.asp?ss=[XSS] Many sites running Omniture Web tools are almost certainly vulnerable to cross site scripting holes. We made a research and many big companies are using Omniture products (Microsoft included). -- HSC Security Group http://www.hackerscenter.com Security researcher? Join us: mail Zinho at zinho at hackerscenter.com
Powered by blists - more mailing lists