Vulnerability Development mailing list archives
A little guidance...
From: billp () ROCKETCASH COM (Bill Pennington)
Date: Tue, 30 May 2000 13:09:25 -0700
I have uncovered a flaw in a particular web site that allows you to steal CC#s of unsuspecting victims. In order to exploit this you must be able to sniff traffic that is going between the user's machine and the web site in question. My question is, should I even bother putting this out? I researched some archives and while I found a number of e-commerce shopping cart vulnerabilities, none mentioned this particular method. I have contacted the site in question but they seem to be clueless. ("All CC#s are over SSL so we are safe!!" argg!) So does the fact you need a sniffer (or a proxy server would work as well I guess, hmmmm) to exploit this make it not "worthy"? It seems more and more devices are sniffing/capturing network traffic these days (IDS, proxies, bad guys...) so it seems to be a legitimate concern to me.