Penetration Testing mailing list archives
Stored XSS @ amazon with a book
From: Dirk Wetter <spam () drwetter org>
Date: Fri, 17 Dec 2010 14:34:08 +0100
Hi,

there's in some sense a remarkable flaw in Amazon's web shop (tested on .de, co.uk, .com). It's a stored XSS vulnerability which can be exploited with a web application security book. No kidding!

It's easily reproducible:

1) Go to Amazon.TLD (for TLD see above, I guess every domain should work)
2) Search for a web application security book
3) Click on it. It should be a book which offers to search in the content
4) Search in the content for a string (more see below)
5) Put your mouse over the search result and if you're lucky: bingo!

WAHH contains some strings, as well as "XSS Attacks". Also I had success with the German book "Sichere Webanwendungen". If you want to give it a quick shot: search in WAHH for ADw. Even the "stallowned" hack from RSnake works.

However it's kind of tricky positioning the payload in the book so that the containing JavaScript gets to the browser.

More @ http://drwetter.eu/amazon

Cheers,
Dirk
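An added example, not part of the original post and not Amazon's code: a search-inside snippet renderer in a weak form that concatenates book text into markup, next to a hardened form that encodes every piece of book text while still highlighting the hit. The function names, the `title` hover attribute and the sample sentence are assumptions made for illustration.

```javascript
// Added example: names and sample text are constructed, not Amazon's code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Cut a window of book text around the first hit (case-insensitive).
function excerpt(pageText, query, radius = 30) {
  if (query.length === 0) return null;
  const at = pageText.toLowerCase().indexOf(query.toLowerCase());
  if (at < 0) return null;
  const start = Math.max(0, at - radius);
  const end = Math.min(pageText.length, at + query.length + radius);
  return { text: pageText.slice(start, end), hitStart: at - start, hitLen: query.length };
}

// Weak: book text is concatenated into markup as if it were trusted.
function renderSnippetUnsafe(pageText, query) {
  const ex = excerpt(pageText, query);
  if (!ex) return "";
  const { text, hitStart, hitLen } = ex;
  return '<span class="hit" title="' + text + '">' +
    text.slice(0, hitStart) + "<b>" + text.slice(hitStart, hitStart + hitLen) + "</b>" +
    text.slice(hitStart + hitLen) + "</span>";
}

// Hardened: every piece of book text is encoded separately, so the only
// markup in the output is what the renderer itself writes.
function renderSnippetSafe(pageText, query) {
  const ex = excerpt(pageText, query);
  if (!ex) return "";
  const { text, hitStart, hitLen } = ex;
  return '<span class="hit" title="' + escapeHtml(text) + '">' +
    escapeHtml(text.slice(0, hitStart)) + "<b>" +
    escapeHtml(text.slice(hitStart, hitStart + hitLen)) + "</b>" +
    escapeHtml(text.slice(hitStart + hitLen)) + "</span>";
}

// Constructed sample: the kind of sentence a web security book prints.
const SAMPLE_PAGE = 'A classic test string is "><script>alert(1)</script> placed in a form field.';
```

The encoding has to happen at output time for the HTML context the snippet lands in; indexed book text stays untrusted input no matter how it entered the catalogue.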