Bugtraq mailing list archives

Sprint PCS vulnerable to malicious tags

From: shrub () YAHOO COM (Paul Schreiber)
Date: Fri, 4 Feb 2000 19:22:31 -0000


I'm sure you're all familiar with the CERT advisory:
  http://www.cert.org/advisories/CA-2000-02.html

Sprint PCS's web site is vulnerable to this flaw. Any text
you enter into the customer care area is subsequently
displayed verbatim on a web page:
  https://www.sprintpcs.com/manage/myaccount.asp

To access that page, you must have a sprint PCS account and
password. As soon as you post your question, it will appear
in your case history -- HTML and all.

At this point in time, it is unclear whether Sprint PCS
customer service representatives use a web browser to
respond to these questions. If this is the case, clever
hackers could exploit this vulnerability to gain sensitive
information about Sprint PCS, possibly including
confidential customer information.

There is a similar form for non-customers at:
  https://www.sprintpcs.com/learn/form_public_question.asp

You don't get to see the results yourself, but, again, if
Sprint PCS reps use a web browser, their systems could be
compromised.

Paul

Current thread:

Re: Novell BorderManager 3.5 Remote Slow Death, (continued)
- - - Re: Novell BorderManager 3.5 Remote Slow Death Ron van Daal (Feb 09)
    - Re: Novell BorderManager 3.5 Remote Slow Death Puchatek (Feb 11)
    - Re: recent 'cross site scripting' CERT advisory Bill Thompson (Feb 06)
    - Re: recent 'cross site scripting' CERT advisory Ari Gordon-Schlosberg (Feb 07)
    - Re: recent 'cross site scripting' CERT advisory Taneli Huuskonen (Feb 07)
    - Re: recent 'cross site scripting' CERT advisory Peter W (Feb 08)
    - Re: recent 'cross site scripting' CERT advisory Mikael Olsson (Feb 08)
    - Re: recent 'cross site scripting' CERT advisory Henri Torgemane (Feb 08)
    - Re: 'cross site scripting' defenses flynngn () JMU EDU (Feb 06)
    - Microsoft Security Bulletin (MS00-004) Microsoft Product Security (Feb 04)
    - Sprint PCS vulnerable to malicious tags Paul Schreiber (Feb 04)
  - Re: Bypass Virus Checking minus (Feb 03)
- Re: Bypass Virus Checking salme () US IBM COM (Feb 01)
- Re: Bypass Virus Checking Uwe Schurig (Feb 02)
- Re: Bypass Virus Checking Neil Bortnak (Feb 02)
  - Re: Bypass Virus Checking Nick FitzGerald (Feb 03)
- Re: Bypass Virus Checking Winkelmann, Brian (Feb 02)
- Re: Bypass Virus Checking Kuo, Jimmy (Feb 02)
- Re: Bypass Virus Checking Eric D. Williams (Feb 03)
  - Zeus Web Server: Null Terminated Strings Julian Midgley (Feb 08)
  - Re: Bypass Virus Checking Paul L Schmehl (Feb 08)

(Thread continues...)