HSC Research Group - Advisories
Written by Hackers Center
Tuesday, 12 April 2005 21:19
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
I checked the ecommerce web sites of the main clothing and sportswear brands and found them to be vulnerable. They all offer ecommerce, so anyone can register and start shopping with a credit card. Vulnerable sites:
- Levi.com (XSS)
- Nike.com (XSS)
- Diadora.com (SQL injection)
- Kappa.com (SQL injection and XSS)
All of the above are serious security flaws that can lead to full account theft and credit card theft. I published this to warn all the online customers of the above sites. I can't show any proof of concept because the risk of account stealing is high. I've contacted the admins... but no response... (I've not asked for free t-shirts...)
I've archived vulnerabilities in some other big brands' sites that I will publish in the next few days...
Author: Zinho is webmaster and founder of http://www.hackerscenter.com, a security research portal.
Secure Web Hosting Companies Reviewed: http://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com