HSC Research Group -
Written by Hackers Center
Tuesday, 12 April 2005 21:19
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
I checked the e-commerce web sites of the main clothing and sportswear brands
and found them to be vulnerable. They all offer online shopping, so anyone
can register and start buying with a credit card.
- Levi.com (XSS)
- Nike.com (XSS)
- Diadora.com (SQL injection)
- Kappa.com (SQL injection and XSS)
All of the above are serious security flaws that can lead to full account
theft and credit card theft. I published this to warn all the online customers
of the above sites.
I can't show any proof of concept because the risk of account theft is high.
I've contacted the admins, but got no response (I've not asked for free t-shirts...).
I've archived vulnerabilities in some other big brands' sites that I will publish in the next
Zinho is webmaster and founder of http://www.hackerscenter.com,
a security research portal.
zinho-no-spam @ hackerscenter.com