lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061216184420.20682.qmail@securityfocus.com>
Date: 16 Dec 2006 18:44:20 -0000
From: DoZ@...kersCenter.com
To: bugtraq@...urityfocus.com
Subject: [HSC Security Group] SiteCatalyst Web Login Cross Site Vulrnabilities

Hackers Center Security Group (http://www.hackerscenter.com/)            
Doz's Security Advisory        


Desc: SiteCatalyst Web Login Cross Site Vulrnabilities
Risk: Medium





Omniture, Inc aims its aperture at your Web site. The company provides Internet analytic software and services to corporate customers such as AOL, eBay, General Motors, and Microsoft. Omniture's primary product, SiteCatalyst, helps clients electronically measure Web site traffic, visitor activity, advertising effectiveness, and e-commerce transactions. Other products include the Omniture Discover, Data, and SearchCenter line of products, designed to provide customers access to all of their data in real time.

Login & Search Engines scripts affected

Vendor: www.omniture.com

Company Email: ir@...iture.com


Proof of concept:


/search.asp?ss=[XSS]


Many sites running Omniture Web tools are almost certainly vulnerable to cross site scripting holes. We made a research and many big companies are using Omniture products (Microsoft included).


-- HSC Security Group 
http://www.hackerscenter.com

Security researcher? Join us: mail Zinho at zinho at hackerscenter.com 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ