by r0t,der4444,cembo,VietMafia

Wednesday, December 07, 2005

t-online.de SHOP XSS

As far as I know, T-online belongs to Deutsche Telekom, the main ISP in Germany; it is also a big company, and good specialists work there.

Anyway, the "searchHandle" parameter isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

live example:

http://www.t-online-shop.de/tonline/product.do?action=getProductDetail&product=7993&searchHandle=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
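The fix for this class of bug is to encode the parameter at the point where it is written into the page. The sketch below is an added example, not code from the shop or from the original post: it assumes searchHandle is echoed inside a double-quoted HTML attribute (the leading "> in the value above fits that context), and the template fragment, function names and the shop.example host are hypothetical.

```javascript
// Added example: reflected-XSS fix by output encoding at the point of use.
// Assumption: searchHandle is echoed inside a double-quoted HTML attribute.

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical template fragment as a vulnerable server would build it.
function renderUnsafe(searchHandle) {
  return `<input type="hidden" name="searchHandle" value="${searchHandle}">`;
}

// Same fragment with the value encoded when it is written out.
function renderSafe(searchHandle) {
  return `<input type="hidden" name="searchHandle" value="${escapeHtml(searchHandle)}">`;
}

// Decode the parameter the way the server sees it after URL decoding.
function readParam(url, name) {
  return new URL(url).searchParams.get(name) ?? '';
}

// Review/test helper: did a value containing markup characters come back verbatim?
function reflectsMarkup(html, rawValue) {
  return /[<>"']/.test(rawValue) && html.includes(rawValue);
}

// Query string from the post, placed on a placeholder host.
const sampleUrl = 'http://shop.example/tonline/product.do?action=getProductDetail' +
  '&product=7993&searchHandle=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E';

const value = readParam(sampleUrl, 'searchHandle');
console.log('unsafe:', renderUnsafe(value)); // attribute is closed early, script tag is live
console.log('safe:  ', renderSafe(value));   // value stays inert text inside the attribute
```

The same encoding has to be applied wherever the value is written into HTML; a value placed into a script block or a URL needs the encoding for that context instead.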

Copyright (c) 2006 Pridels Sec Crew