Home / os / winme

shop-xss.txt

Posted on 11 June 2007

*Overview* http://wwww.shopathometv.com, A popular website whos television program runs late night on local syndicated television is vulnerable to multiple xxs flaws. While shopping their site last night, they did not have a product I was looking for when I entered an item number so I decided to test a few things. *1st Problem:* The main search box input is not sanitized on the front page. Simply go to http://www.shopathometv.com and in their product search box type in <script>alert(document.cookie);</script> hit the Go inside the circle. When the page finishes loading if you are a user signed up (have'nt tested not signed up) you will get displayed all of your session variables. *2nd Problem* On the The following page there is an xxs inside the showTitle GET variable. Click the link below https://www.shopathometv.com/programguide/thumbnail.jsp?date=null&showId=3203180&showTitle=<script>alert(document.cookie);</script>&sortType=Best%20Selling *Fix* Sanitize all input variables. *Conclusion* not be shopping there until this is fixed. -suckure

 

TOP