Penetration Testing mailing list archives

Stored XSS @ amazon with a book


From: Dirk Wetter <spam () drwetter org>
Date: Fri, 17 Dec 2010 14:34:08 +0100


Hi,

there's, in some sense, a remarkable flaw in Amazon's web shop (tested on
.de, .co.uk and .com).

It's a stored XSS vulnerability which can be exploited with a web
application security book. No kidding! It's easily reproducible:


1) Go to Amazon.TLD (for TLD see above; I guess every domain should work)

2) Search for a web application security book

3) Click on it. It should be a book which offers a search in the content

4) Search in the content for a string (more on this below)

5) Put your mouse over the search result and, if you're lucky:
   bingo!

WAHH contains some such strings, as does "XSS Attacks". I also had success
with the German book "Sichere Webanwendungen". If you want to give it a
quick shot: search in WAHH for ADw. Even the "stallowned" hack from RSnake
works.

However, it's kind of tricky to position the payload in the book so that the
JavaScript it contains gets to the browser. More @ http://drwetter.eu/amazon



Cheers,

Dirk


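The following is an added example and is not code from Dirk's post or from Amazon. It models the defect the post describes: a "search inside the book" feature that splices the matching book excerpt into the result markup without HTML-escaping it, so a <script> tag printed in a web-app-security book arrives in the browser as live script. It also includes a small UTF-7 encoder (RFC 2152) to show why searching WAHH for "ADw" is a good shortcut: "+ADw-" is the UTF-7 encoding of "<" and "+AD4-" of ">", which is the encoding RSnake's UTF-7 vector relies on when a page declares no charset and an older browser (notably Internet Explorer) sniffs it as UTF-7. The book "pages", function names and the result-list format are constructed for illustration.

```javascript
// Added example (not from the original post or from Amazon): a toy
// "search inside the book" result renderer in vulnerable and hardened form,
// plus a UTF-7 encoder that shows what a search for "ADw" actually matches.
// The book pages below are constructed, not real book text.

// Constructed "pages" of a web-application-security book. Page 0 prints a
// classic payload in the clear; page 1 prints the UTF-7 form of the same
// payload ("+ADw-" is UTF-7 for "<", "+AD4-" for ">").
const BOOK_PAGES = [
  "A typical test string is <script>alert(1)</script> placed in a form field.",
  "Where no charset is declared, +ADw-script+AD4-alert(1)+ADw-/script+AD4- may still execute.",
  "Plain prose page with nothing interesting on it.",
];

// Naive content search: every page containing the term is a hit.
function searchBook(pages, term) {
  return pages.filter((p) => p.includes(term));
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// VULNERABLE: the book excerpt is spliced into markup unescaped, so a
// <script> tag that merely appears in the book becomes live script.
function renderHitUnsafe(excerpt, term) {
  return "<li>" + excerpt.split(term).join("<b>" + term + "</b>") + "</li>";
}

// HARDENED: every piece of book text (and the search term itself) is
// HTML-escaped; only the renderer's own <b> tags are emitted as markup.
function renderHitSafe(excerpt, term) {
  const parts = excerpt.split(term).map(escapeHtml);
  return "<li>" + parts.join("<b>" + escapeHtml(term) + "</b>") + "</li>";
}

// Check: does a rendered fragment still contain a live <script> tag?
function containsLiveScript(html) {
  return /<script[\s>]/i.test(html);
}

// Minimal UTF-7 encoder. Characters in the RFC 2152 "direct" set pass
// through unchanged, "+" becomes "+-", and any other run of characters is
// emitted as "+<base64 of its UTF-16BE code units>-". Walking code units
// (charCodeAt) means surrogate pairs are encoded as UTF-16 requires.
const UTF7_DIRECT = /^[A-Za-z0-9'(),\-.\/:? \t\r\n]$/;

function utf7Encode(str) {
  let out = "";
  let run = "";
  const flush = () => {
    if (!run) return;
    const bytes = [];
    for (let i = 0; i < run.length; i++) {
      const cu = run.charCodeAt(i);
      bytes.push(cu >> 8, cu & 0xff);
    }
    out += "+" + Buffer.from(bytes).toString("base64").replace(/=+$/, "") + "-";
    run = "";
  };
  for (const ch of str) {
    if (ch === "+") {
      flush();
      out += "+-";
    } else if (UTF7_DIRECT.test(ch)) {
      flush();
      out += ch;
    } else {
      run += ch; // non-direct character: buffer it for a base64 block
    }
  }
  flush();
  return out;
}

// Walk-through mirroring the post's steps 4 and 5 on the constructed book.
function demo() {
  console.log('search "alert":', searchBook(BOOK_PAGES, "alert").map((p) => renderHitUnsafe(p, "alert")));
  console.log('search "ADw":', searchBook(BOOK_PAGES, "ADw"));
  console.log("UTF-7 of <script>alert(1)</script>:", utf7Encode("<script>alert(1)</script>"));
  console.log("hardened:", renderHitSafe(BOOK_PAGES[0], "alert"));
}

if (typeof require !== "undefined" && require.main === module) demo();
```

The unsafe renderer is the shape of bug the post describes: the book text is trusted content from the shop's own index, so nobody escaped it, yet it is attacker-influenced in the sense that anyone can publish a book. The UTF-7 form matters because it survives any filter that only looks for literal angle brackets; it only becomes script if the browser decodes the response as UTF-7, which is why the post says positioning the payload so it "gets to the browser" is the tricky part.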


