WebApp Sec mailing list archives
Stored XSS @ amazon with a book
From: Dirk Wetter <spam () drwetter org>
Date: Fri, 17 Dec 2010 14:34:08 +0100
Hi,

there's in some sense a remarkable flaw in Amazon's web shop (tested on .de, .co.uk, .com). It's a stored XSS vulnerability which can be exploited with a web application security book. No kidding!

It's easily reproducible:

1) Go to Amazon.TLD (for TLD see above, I guess every domain should work)
2) Search for a web application security book
3) Click on it. It should be a book which offers to search in the content
4) Search in the content for a string (for more, see below)
5) Put your mouse over the search result and if you're lucky: bingo!

WAHH contains some strings, as well as "XSS Attacks". Also I had success with the German book "Sichere Webanwendungen". If you want to give it a quick shot: search in WAHH for ADw. Even the "stallowned" hack from RSnake works. However, it's kind of tricky positioning the payload in the book so that the containing JavaScript gets to the browser.

More @ http://drwetter.eu/amazon

Cheers,
Dirk
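
The flaw class reported above, book text reaching the browser unencoded in a search-result hover, shown next to a hardened form. This is an added example, not part of the original post and not Amazon's code; the function names and the markup (a title-attribute tooltip with the search term highlighted) are assumptions, since the post does not describe the page's HTML.

```javascript
// Added example: rendering a "search inside the book" hit as HTML.
// The excerpt is book text and therefore untrusted input.
// All names here are hypothetical; the markup shape is an assumption.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode text for an HTML element body or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escape regex metacharacters so the search term is matched literally.
function escapeRegExp(term) {
  return term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Vulnerable form: the excerpt goes into attribute and body as-is,
// so markup printed in the book becomes markup in the page.
function renderHitUnsafe(excerpt, term) {
  const marked = excerpt.replace(new RegExp(escapeRegExp(term), "gi"), (m) => `<b>${m}</b>`);
  return `<span class="hit" title="${excerpt}">${marked}</span>`;
}

// Hardened form: split on the term first, encode every piece, then add the
// highlight tags, so the only markup in the output is markup written here.
function renderHitSafe(excerpt, term) {
  const pieces = term
    ? excerpt.split(new RegExp(`(${escapeRegExp(term)})`, "gi"))
    : [excerpt];
  // With a capture group in split(), odd indices hold the matched term.
  const marked = pieces
    .map((piece, i) => (i % 2 === 1 ? `<b>${escapeHtml(piece)}</b>` : escapeHtml(piece)))
    .join("");
  return `<span class="hit" title="${escapeHtml(excerpt)}">${marked}</span>`;
}

// Constructed sample: a sentence as a web security book might print it.
const SAMPLE_EXCERPT = 'Submit "><script>alert(1)</script> as the name';

console.log(renderHitUnsafe(SAMPLE_EXCERPT, "script"));
console.log(renderHitSafe(SAMPLE_EXCERPT, "script"));
```

Highlighting before encoding, or encoding the body but not the tooltip attribute, leaves one of the two sinks open; the hardened form encodes for both.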