|
HSC Research Group -
Advisories
|
|
Written by Hackers Center
|
|
Saturday, 16 December 2006 13:54 |
 Hackers Center Security Group (http://www.hackerscenter.com/)
Doz"s Security Advisory
Desc: SiteCatalyst Web Login Cross Site Vulnerabilities
Risk: Medium
Omniture, Inc aims its aperture at your Web site. The company provides Internet analytic software and services to corporate customers such as AOL, eBay, General Motors, and Microsoft. Omniture"s primary product, SiteCatalyst, helps clients electronically measure Web site traffic, visitor activity, advertising effectiveness, and e-commerce transactions. Other products include the Omniture Discover, Data, and SearchCenter line of products, designed to provide customers access to all of their data in real time.
Login & Search Engines scripts affected
Vendor: www.omniture.com
Company Email:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
Proof of concept:
/search.asp?ss=[XSS]
This Hole has been fixed. Case Closed. The sites Administration Has responded fast and we are happy
to have helped there security team.
-- HSC Security Group
http://www.hackerscenter.com
Security researcher? Join us: mail Zinho at zinho at hackerscenter.com
|
