A little guidance...

[billp () ROCKETCASH COM (Bill Pennington)]

I have uncovered a flaw in a particular web site that allows you to
steal CC#s of unsuspecting victims. In order to exploit this you must be
able to sniff traffic that is going between the users machine and the
web site in question.

My question is, should I even bother putting this out? I researched some
archives and while I found a number of e-commerce shopping cart
vulnerabilities, none mentioned this particular method. I have contacted
the site in question but they seem to be clueless. ("All CC#s are over
SSL so we are safe!!" argg!) So is the fact you need a sniffer (or a
proxy server would work as well I guess, hmmmm) to exploit this make it
not "worthy"? It seems more and more devices are sniffing/capturing
network traffic these day (IDS, proxies, bad guys...) so it seems to be
a legitimate concern to me.

--