WebApp Sec mailing list archives

Stored XSS @ amazon with a book


From: Dirk Wetter <spam () drwetter org>
Date: Fri, 17 Dec 2010 14:34:08 +0100


Hi,

there's in some sense a remarkable flaw in Amazon's web shop (tested on
.de, .co.uk, .com).

It's a stored XSS vulnerability which can be exploited with a web
application security book. No kidding! It's easily reproducible:


1) Go to Amazon.TLD (for TLD see above, I guess every domain should work)

2) Search for a web application security book

3) Click on it. It should be a book which offers to search in the content

4) Search in the content for a string (more see below)

5) Put your mouse over the search result and if you're lucky:
   bingo!

WAHH contains some strings, as well as "XSS Attacks". Also I had success
with the German book "Sichere Webanwendungen". If you want to give it a
quick shot: search in WAHH for ADw. Even the "stallowned" hack from RSnake
works.

However, it's kind of tricky positioning the payload in the book so that the
contained JavaScript gets to the browser. More @ http://drwetter.eu/amazon



Cheers,

Dirk
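
The defensive side of the issue reported above, as an added example that is not part of the original post and is not Amazon's code: book text returned by a "search inside" feature is untrusted input, so it is escaped piece by piece before the highlight markup is added. The function names, the markup, the hover attribute and the sample excerpt are all assumptions constructed for illustration.

```javascript
// Added example; every name below is hypothetical, not Amazon's code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape text for an HTML text node or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Make the reader's query match literally inside a RegExp.
function escapeRegExp(text) {
  return String(text).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Render one "search inside" hit. The excerpt comes from the scanned book,
// so it is untrusted: split the RAW text on the query, escape every piece
// on its own, and only then add the <b> highlight markup.
function renderHit(excerpt, query) {
  const raw = String(excerpt);
  let body = escapeHtml(raw);
  if (query) {
    const matcher = new RegExp(`(${escapeRegExp(query)})`, 'gi');
    // With one capture group, odd indexes of split() are the matches.
    body = raw.split(matcher)
      .map((part, i) => (i % 2 ? `<b>${escapeHtml(part)}</b>` : escapeHtml(part)))
      .join('');
  }
  // Assumed hover text: the same excerpt, escaped for the attribute context.
  return `<span class="hit" title="${escapeHtml(raw)}">${body}</span>`;
}

// Constructed sample: an excerpt as a security book might print it.
const SAMPLE_EXCERPT =
  'Inject <script>alert(1)</script> or " onmouseover="alert(2) into the page';

function demo() {
  return renderHit(SAMPLE_EXCERPT, 'script');
}

console.log(demo());
```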




